9d781d8cb802c81b97906830b83e42abfef718758688edd15a43d507304f3771

Analysis

max time kernel
90s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2022, 11:03

Target

9d781d8cb802c81b97906830b83e42abfef718758688edd15a43d507304f3771.dll
Size

62KB
MD5

413f8da58b70e561a5eec7e9d146d6ef
SHA1

32aa6b382425cd3286796a5a34816a97adc68432
SHA256

9d781d8cb802c81b97906830b83e42abfef718758688edd15a43d507304f3771
SHA512

441e49c91e16f23f972d78d49072174383580dc28f264448a90bcb040c1522b62fbe794a5824c9247b5cbd79a35a48bc4075786aa39543ae862916d38fd16d58
SSDEEP

1536:tVfi5oI48ejYrJaNE1+BTNqCntUzFMW9jP:3fS4mAN3ZNqCntUGW9jP

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3996	2820	WerFault.exe	81

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4788 wrote to memory of 2820	4788	rundll32.exe	81
PID 4788 wrote to memory of 2820	4788	rundll32.exe	81
PID 4788 wrote to memory of 2820	4788	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9d781d8cb802c81b97906830b83e42abfef718758688edd15a43d507304f3771.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4788
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9d781d8cb802c81b97906830b83e42abfef718758688edd15a43d507304f3771.dll,#1
  2⤵
  PID:2820
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 580
    3⤵
    - Program crash
    PID:3996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 2820 -ip 2820
1⤵
PID:1100

memory/2820-133-0x0000000010000000-0x000000001001E000-memory.dmp

Filesize
120KB

Download
memory/2820-134-0x0000000002140000-0x00000000021CD000-memory.dmp

Filesize
564KB

Download