bd8a8e8fedbbf6991830f9e90d73eba3168dec38e3bacb4ffc543c631dd6df1b

Analysis

max time kernel
150s
max time network
192s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 02:31

Target

bd8a8e8fedbbf6991830f9e90d73eba3168dec38e3bacb4ffc543c631dd6df1b.dll
Size

1.9MB
MD5

be7cce2df094d9fd9c04df1ac41de4db
SHA1

6a7759cdbb717d575a85c0f833777c907c20bbee
SHA256

bd8a8e8fedbbf6991830f9e90d73eba3168dec38e3bacb4ffc543c631dd6df1b
SHA512

22b3438cd31b49b8ccc7e68ce831e619ca0d97090c27df870a81bbec39e589e33279881702aa691c8fc5eddd4b795b742815aca2605c6b3a6cb1df85289a956f
SSDEEP

49152:7bn9dpkLPzjtNVpACuj0MMfArnWE1Lv/U/LZxe3:PnnpkLLjbATqA9CLZ

Score

4^/10

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\driver.dll	rundll32.exe
File opened for modification	C:\Windows\driver.dll	rundll32.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4392	4596	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4956 wrote to memory of 4596	4956	rundll32.exe	82
PID 4956 wrote to memory of 4596	4956	rundll32.exe	82
PID 4956 wrote to memory of 4596	4956	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bd8a8e8fedbbf6991830f9e90d73eba3168dec38e3bacb4ffc543c631dd6df1b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4956
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bd8a8e8fedbbf6991830f9e90d73eba3168dec38e3bacb4ffc543c631dd6df1b.dll,#1
  2⤵
  - Drops file in Windows directory
  PID:4596
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4596 -s 592
    3⤵
    - Program crash
    PID:4392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4596 -ip 4596
1⤵
PID:1556