9b93caea25435357a23be7edad056c82b38e611f88da05445291517c3c59ef59

Analysis

max time kernel
94s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 19:45

Target

9b93caea25435357a23be7edad056c82b38e611f88da05445291517c3c59ef59.dll
Size

48KB
MD5

647fd7564312450cae35cf84360b9743
SHA1

ab7b69b7c8cf3117f684b957ae3956c8a15aade2
SHA256

9b93caea25435357a23be7edad056c82b38e611f88da05445291517c3c59ef59
SHA512

c6062eb9a5a5f57a0576e04a78be643fc43ad126c48aa8e6c40a0e9746ce8594eca318c15fb871346acb20e6c790667c0e32cefd6f373a318eed13f08ccca93e
SSDEEP

768:PX9fDu2uzLK1A5R+bPMiFBsZaunzmbOxp0kl7sLv+y/1YXo9e:PX02YAA5R+T9Azmbq/7sLvRdAoE

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1016	3112	WerFault.exe	76

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1944 wrote to memory of 3112	1944	rundll32.exe	76
PID 1944 wrote to memory of 3112	1944	rundll32.exe	76
PID 1944 wrote to memory of 3112	1944	rundll32.exe	76

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9b93caea25435357a23be7edad056c82b38e611f88da05445291517c3c59ef59.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1944
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9b93caea25435357a23be7edad056c82b38e611f88da05445291517c3c59ef59.dll,#1
  2⤵
  PID:3112
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 856
    3⤵
    - Program crash
    PID:1016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 3112 -ip 3112
1⤵
PID:1044

memory/3112-133-0x0000000002870000-0x0000000002946000-memory.dmp

Filesize
856KB

Download
memory/3112-134-0x0000000002870000-0x0000000002946000-memory.dmp

Filesize
856KB

Download