785aae5923fe4accad76e5f1d6688b8f8fdd24b440b71bd1bcbc62b0dc833052

Analysis

max time kernel
160s
max time network
196s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2022, 23:30

Target

785aae5923fe4accad76e5f1d6688b8f8fdd24b440b71bd1bcbc62b0dc833052.dll
Size

313KB
MD5

585ac35595b6912ae6cf93720ac2359b
SHA1

40aee490470b593a0d7793fb94ec6fdceb27aa1f
SHA256

785aae5923fe4accad76e5f1d6688b8f8fdd24b440b71bd1bcbc62b0dc833052
SHA512

9c3ba569b2cc9a151caf54f8d4e1bb45e619fa85810d9a21ce074cc47b72b6ba99808925429f805d8a2b4290318d5903934d7d86bc8f5eab431e330cdf1ca7ac
SSDEEP

6144:RhW6NrcRhuSHwRVgcQ+20s1x3zLBuzux+FQkBvCSVjHeTBfAkmB7lgM:jW6NrcRhJueb0usTFQkB5jHeTezH

Score

3^/10

Program crash 2 IoCs

pid	pid_target	Process	procid_target
4592	792	WerFault.exe	81
2296	792	WerFault.exe	81

Suspicious behavior: EnumeratesProcesses 8 IoCs

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	792	rundll32.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4992 wrote to memory of 792	4992	rundll32.exe	81
PID 4992 wrote to memory of 792	4992	rundll32.exe	81
PID 4992 wrote to memory of 792	4992	rundll32.exe	81
PID 792 wrote to memory of 4592	792	rundll32.exe	83
PID 792 wrote to memory of 4592	792	rundll32.exe	83
PID 792 wrote to memory of 4592	792	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\785aae5923fe4accad76e5f1d6688b8f8fdd24b440b71bd1bcbc62b0dc833052.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4992
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\785aae5923fe4accad76e5f1d6688b8f8fdd24b440b71bd1bcbc62b0dc833052.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:792
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 792 -s 680
    3⤵
    - Program crash
    PID:4592
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 792 -s 680
    3⤵
    - Program crash
    PID:2296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 792 -ip 792
1⤵
PID:4120