8d69a4947ed74cff7356fae542d0c1c4e2794dd861ef30948990826345428737

Analysis

max time kernel
147s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04-12-2022 02:07

Target

8d69a4947ed74cff7356fae542d0c1c4e2794dd861ef30948990826345428737.dll
Size

704KB
MD5

65ba661fd3498e2a8624dd68d2666220
SHA1

912bcb591a54ac3111c4a373c3b1f786aa530758
SHA256

8d69a4947ed74cff7356fae542d0c1c4e2794dd861ef30948990826345428737
SHA512

f2d24b80e3a509411a062c30edd96fa7a23718c7b88bb52815298dba1fab50992ad1a5875cbb2cf4e0819717db1757ccf2ea8325b37669269dd195c12a9644f7
SSDEEP

12288:Z0ywjWtUO+Oke04VGUl6vhOiue+bhPrRx4vSZqB7Y0lnMyC2+ES1eu:GCwsdPJyC29e

Score

8^/10

Executes dropped EXE 1 IoCs

pid	Process
3792	rundll32mgr.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\rundll32mgr.exe	rundll32.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2216	2176	WerFault.exe	79

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1112 wrote to memory of 2176	1112	rundll32.exe	79
PID 1112 wrote to memory of 2176	1112	rundll32.exe	79
PID 1112 wrote to memory of 2176	1112	rundll32.exe	79
PID 2176 wrote to memory of 3792	2176	rundll32.exe	80
PID 2176 wrote to memory of 3792	2176	rundll32.exe	80
PID 2176 wrote to memory of 3792	2176	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8d69a4947ed74cff7356fae542d0c1c4e2794dd861ef30948990826345428737.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1112
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8d69a4947ed74cff7356fae542d0c1c4e2794dd861ef30948990826345428737.dll,#1
  2⤵
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:2176
- - C:\Windows\SysWOW64\rundll32mgr.exe
    C:\Windows\SysWOW64\rundll32mgr.exe
    3⤵
    - Executes dropped EXE
    PID:3792
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 628
    3⤵
    - Program crash
    PID:2216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 2176 -ip 2176
1⤵
PID:4768

C:\Windows\SysWOW64\rundll32mgr.exe

Filesize
76KB

MD5
2e7df5ae9dcabe137166989493d996a9

SHA1
00a2f1abd5480d5e23bf512a8ee37aa842f69b54

SHA256
4c53f34aa96dc64de964e0f440218ea918b4ac56576323edb4626b17265bd8ef

SHA512
38bbc02e1767a8337ce53c73c637d4d9ec883d9f966dff26fb92ecda6d56646166deb5836a7edfd43725408f2e31f07935dbfaf726e6ea77c64ade18bad42d8f

Download Submit
C:\Windows\SysWOW64\rundll32mgr.exe

Filesize
76KB

MD5
2e7df5ae9dcabe137166989493d996a9

SHA1
00a2f1abd5480d5e23bf512a8ee37aa842f69b54

SHA256
4c53f34aa96dc64de964e0f440218ea918b4ac56576323edb4626b17265bd8ef

SHA512
38bbc02e1767a8337ce53c73c637d4d9ec883d9f966dff26fb92ecda6d56646166deb5836a7edfd43725408f2e31f07935dbfaf726e6ea77c64ade18bad42d8f

Download Submit
memory/2176-132-0x0000000000000000-mapping.dmp

Download
memory/2176-133-0x0000000010000000-0x00000000100B1000-memory.dmp

Filesize
708KB

Download
memory/2176-137-0x0000000010000000-0x00000000100B1000-memory.dmp

Filesize
708KB

Download
memory/3792-134-0x0000000000000000-mapping.dmp

Download