8049b1d22d3c885484157cf9046c104e8f8675eedbed40941df5d3fe2a1220e7

Analysis

max time kernel
162s
max time network
180s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 06:39

Target

8049b1d22d3c885484157cf9046c104e8f8675eedbed40941df5d3fe2a1220e7.dll
Size

437KB
MD5

606009a1ae208e2a6ec78d69fb988973
SHA1

5fa74e1f2ac3f52808d348878b22a81335ceb977
SHA256

8049b1d22d3c885484157cf9046c104e8f8675eedbed40941df5d3fe2a1220e7
SHA512

7753235c8c6f2519eb04250718a4d6836dd0a1170cc27c84ae95845530cb08f544b67640be6f4e6f0ce343787bae590a99cd2f7b35524b2ccd2f0c3c81f2a5d8
SSDEEP

6144:CLZ8/9qntfUh/8jfg4v05xiGchHRUqd4imh0DAgJrxHTP+:7/9qntfUh/8jfExiGchHRUm+gxR+

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4620	1292	WerFault.exe	83

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4564 wrote to memory of 1292	4564	rundll32.exe	83
PID 4564 wrote to memory of 1292	4564	rundll32.exe	83
PID 4564 wrote to memory of 1292	4564	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8049b1d22d3c885484157cf9046c104e8f8675eedbed40941df5d3fe2a1220e7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4564
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8049b1d22d3c885484157cf9046c104e8f8675eedbed40941df5d3fe2a1220e7.dll,#1
  2⤵
  PID:1292
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1292 -s 580
    3⤵
    - Program crash
    PID:4620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 204 -p 1292 -ip 1292
1⤵
PID:1424