8be43ffd168e64d96a69e2b53fd4b91821f9a0ff47c6fc2af0edd617f4f5838d

Analysis

max time kernel
91s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2022, 23:43

Target

8be43ffd168e64d96a69e2b53fd4b91821f9a0ff47c6fc2af0edd617f4f5838d.dll
Size

287KB
MD5

50986bb4f72671a1b29d1aa8251e247c
SHA1

5842f302d335a89ded2f322e255ee1251674ee6c
SHA256

8be43ffd168e64d96a69e2b53fd4b91821f9a0ff47c6fc2af0edd617f4f5838d
SHA512

46d68aa4f97a3a57cab81472724a2d8cf8446aa32c45585a7ddf6cf8639d4d65cd3917293a356b3dac885aaec0edab6ebedbb1f46fcfa3dd5d5fdd14c34576b5
SSDEEP

6144:ESSzeYkGnBXxMExE8IE+dAskOSVxXu8r428b37:xSJxBXyExEdE+dAsyTf98/

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3388	792	WerFault.exe	78

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4660 wrote to memory of 792	4660	rundll32.exe	78
PID 4660 wrote to memory of 792	4660	rundll32.exe	78
PID 4660 wrote to memory of 792	4660	rundll32.exe	78

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8be43ffd168e64d96a69e2b53fd4b91821f9a0ff47c6fc2af0edd617f4f5838d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4660
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8be43ffd168e64d96a69e2b53fd4b91821f9a0ff47c6fc2af0edd617f4f5838d.dll,#1
  2⤵
  PID:792
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 792 -s 632
    3⤵
    - Program crash
    PID:3388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 792 -ip 792
1⤵
PID:1684

memory/792-133-0x0000000010000000-0x00000000100B4000-memory.dmp

Filesize
720KB

Download