9c0b330ed96a359c6e431df7d106551f381cc433185a9e3734de27e6938f89d5

Analysis

max time kernel
154s
max time network
166s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 15:32

Target

9c0b330ed96a359c6e431df7d106551f381cc433185a9e3734de27e6938f89d5.dll
Size

33KB
MD5

fe9fb382dbf8ad84fb82c1eed3c4ce75
SHA1

d0cfc0a3e25396343b3d935fd5174e0975b184e4
SHA256

9c0b330ed96a359c6e431df7d106551f381cc433185a9e3734de27e6938f89d5
SHA512

ed6b279a57402aee52870cdee875cbe40f64633a4681581d4497403e253325e466fbfe10460bf5d4e997bf168f7d59a8400fd705f0a3a788e5f36b77e5a0cc92
SSDEEP

768:996qg4EziJIHWHvpS0b7Iap2VgUQTx/ha5eR:z6UEzPWHR7T2VgU0l

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
5020	4764	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4860 wrote to memory of 4764	4860	rundll32.exe	82
PID 4860 wrote to memory of 4764	4860	rundll32.exe	82
PID 4860 wrote to memory of 4764	4860	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9c0b330ed96a359c6e431df7d106551f381cc433185a9e3734de27e6938f89d5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4860
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9c0b330ed96a359c6e431df7d106551f381cc433185a9e3734de27e6938f89d5.dll,#1
  2⤵
  PID:4764
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4764 -s 644
    3⤵
    - Program crash
    PID:5020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4764 -ip 4764
1⤵
PID:540

memory/4764-133-0x0000000010000000-0x0000000010014000-memory.dmp

Filesize
80KB

Download