b79d762d2341e4e0e384c4f8006e998a8aba9aef26d168e170892e09b598226c

Analysis

max time kernel
101s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
07/03/2023, 20:40

Target

8957354a4d9a71afdb268698afb09326dc23611e1d1b084815c8cf754376abfd.dll
Size

434KB
MD5

0879166c74521124deff2ba7acc68465
SHA1

f3c4ed69dd57956c4774b7e05f3215341734621c
SHA256

8957354a4d9a71afdb268698afb09326dc23611e1d1b084815c8cf754376abfd
SHA512

b191419e18ddf528b76eeaf7e3f8c31aba8b6fb55dc517db681106dcf26edcd5eb95e2658d56fea415b56efdcead67abfcb321ca79737320080334286bdc74fd
SSDEEP

12288:rJZ701RXT1BaB4Irm8VGf9hyI8K9HGgFA:VZ701RXT1wB4Irz0f9hNh

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4184	716	WerFault.exe	84

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2320 wrote to memory of 716	2320	rundll32.exe	84
PID 2320 wrote to memory of 716	2320	rundll32.exe	84
PID 2320 wrote to memory of 716	2320	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8957354a4d9a71afdb268698afb09326dc23611e1d1b084815c8cf754376abfd.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2320
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8957354a4d9a71afdb268698afb09326dc23611e1d1b084815c8cf754376abfd.dll,#1
  2⤵
  PID:716
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 716 -s 600
    3⤵
    - Program crash
    PID:4184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 716 -ip 716
1⤵
PID:2704

memory/716-133-0x000000006B200000-0x000000006B271000-memory.dmp

Filesize
452KB

Download