c8be8befbff38a57be42ad8b0c4badde1d1fc28098b440fc261eb58ad215caef

Analysis

max time kernel
165s
max time network
176s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
07/12/2022, 02:46

Target

c8be8befbff38a57be42ad8b0c4badde1d1fc28098b440fc261eb58ad215caef.dll
Size

48KB
MD5

121f653ece800207a1a0db0aaa211bc0
SHA1

b2b5833d9319c82cd29d6cee3797bcf0ad11e305
SHA256

c8be8befbff38a57be42ad8b0c4badde1d1fc28098b440fc261eb58ad215caef
SHA512

ddc14c7a49528a9da3ec298456b097f27bd0c645ce05ed432162355f49d94de2f2e9206aa858109fe1df5edbb233530b57bf185e206784706ff5c62965cdec50
SSDEEP

768:fpypHVCql8/Hm10tZ3hiudhMVatAgxcyaYXz0m+jgBVDF2wR3REg9amvVgXJ8eHT:BYd8/ziuZJcyaYX6gB5w8R/4mvVg5h9F

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
5032	2980	WerFault.exe	79

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2116 wrote to memory of 2980	2116	rundll32.exe	79
PID 2116 wrote to memory of 2980	2116	rundll32.exe	79
PID 2116 wrote to memory of 2980	2116	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c8be8befbff38a57be42ad8b0c4badde1d1fc28098b440fc261eb58ad215caef.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2116
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c8be8befbff38a57be42ad8b0c4badde1d1fc28098b440fc261eb58ad215caef.dll,#1
  2⤵
  PID:2980
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 596
    3⤵
    - Program crash
    PID:5032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2980 -ip 2980
1⤵
PID:512

memory/2980-133-0x0000000010000000-0x0000000010021000-memory.dmp

Filesize
132KB

Download