99022280b716c392167faa645ad6bd4a67614d1923b957f6d025c2b300c035f0

Analysis

max time kernel
152s
max time network
200s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 16:46

Target

99022280b716c392167faa645ad6bd4a67614d1923b957f6d025c2b300c035f0.dll
Size

57KB
MD5

a2793b89f0a33dcb5487897e593a4534
SHA1

cf9c94a8a0ee4d28727cf0dd6feb5575134011c6
SHA256

99022280b716c392167faa645ad6bd4a67614d1923b957f6d025c2b300c035f0
SHA512

ab5f4e9053c017f4d3e03f18032c89499d26a032c9b83f9955a5910cbf99e032039520831a0e917252ef46bb3c419926e18c6d2eb095342beb78479b70bbeee2
SSDEEP

1536:+fQAl+7ovOBQRQhtnwwrywd4eV3glxxzAf:aQAl+pB7/wtwZVQlxxzC

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3224	5116	WerFault.exe	81

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 792 wrote to memory of 5116	792	rundll32.exe	81
PID 792 wrote to memory of 5116	792	rundll32.exe	81
PID 792 wrote to memory of 5116	792	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\99022280b716c392167faa645ad6bd4a67614d1923b957f6d025c2b300c035f0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:792
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\99022280b716c392167faa645ad6bd4a67614d1923b957f6d025c2b300c035f0.dll,#1
  2⤵
  PID:5116
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5116 -s 568
    3⤵
    - Program crash
    PID:3224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 5116 -ip 5116
1⤵
PID:4816

memory/5116-133-0x0000000010000000-0x000000001000A000-memory.dmp

Filesize
40KB

Download