9147364ce225f6b77e67dd83d87e9ddfe492ecb5b5b3e062a33b627f518129a7

Analysis

max time kernel
152s
max time network
176s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2022, 12:31

Target

9147364ce225f6b77e67dd83d87e9ddfe492ecb5b5b3e062a33b627f518129a7.dll
Size

52KB
MD5

4f6d9b5d0fe9419dd3b67fd623d61e80
SHA1

bc252f8dc6f97bc1de431d59bf5c939320effb36
SHA256

9147364ce225f6b77e67dd83d87e9ddfe492ecb5b5b3e062a33b627f518129a7
SHA512

b890753f605e80a9942b42ee2688d8084813afbb5b9d1d83169844800d3a0ae2c81fb465dd5a5b350c02f168b4d077fecc858ca3c8d7d2792ea5acae075b7e52
SSDEEP

768:lyOYs0Ci3T9qLkIB+0yM1/CWdoYqTjGa4EhRtIQ9hd+HPWVunTEDHA7wjcD1:lZzi34LkkV/RdoF7ecUHP7Eg1

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3892	1180	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5104 wrote to memory of 1180	5104	rundll32.exe	82
PID 5104 wrote to memory of 1180	5104	rundll32.exe	82
PID 5104 wrote to memory of 1180	5104	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9147364ce225f6b77e67dd83d87e9ddfe492ecb5b5b3e062a33b627f518129a7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5104
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9147364ce225f6b77e67dd83d87e9ddfe492ecb5b5b3e062a33b627f518129a7.dll,#1
  2⤵
  PID:1180
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1180 -s 600
    3⤵
    - Program crash
    PID:3892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1180 -ip 1180
1⤵
PID:112