8a3682c77c1f79c0f4ee0517ddcb932a015832f2d0ed06e0298d1b84fcee1d48

Analysis

max time kernel
111s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2022, 13:01

Target

8a3682c77c1f79c0f4ee0517ddcb932a015832f2d0ed06e0298d1b84fcee1d48.dll
Size

83KB
MD5

fbf46200bfc0943adf9a45cc3c5b1a10
SHA1

32cf4e29585454f5fc588af720610f09ecd6f5ee
SHA256

8a3682c77c1f79c0f4ee0517ddcb932a015832f2d0ed06e0298d1b84fcee1d48
SHA512

226b6e34b5dc91a6e9542c37be83071a73b8d9c2fb813d6c564bff71d3bfaf05b663b1b93bfeb46c375b504399415270b2f5ddaa1ec32cae3a932ec326de97d8
SSDEEP

1536:uRQEi/VA+wxAzshYODwU4XYXEIj3cxLMlx/ElC:uRpbweYMwR14Owlxcl

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4932	5016	WerFault.exe	80

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3340 wrote to memory of 5016	3340	rundll32.exe	80
PID 3340 wrote to memory of 5016	3340	rundll32.exe	80
PID 3340 wrote to memory of 5016	3340	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8a3682c77c1f79c0f4ee0517ddcb932a015832f2d0ed06e0298d1b84fcee1d48.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3340
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8a3682c77c1f79c0f4ee0517ddcb932a015832f2d0ed06e0298d1b84fcee1d48.dll,#1
  2⤵
  PID:5016
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5016 -s 600
    3⤵
    - Program crash
    PID:4932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5016 -ip 5016
1⤵
PID:4800

memory/5016-133-0x0000000010000000-0x0000000010023000-memory.dmp

Filesize
140KB

Download
memory/5016-134-0x0000000001370000-0x0000000001375000-memory.dmp

Filesize
20KB

Download