8455dc2f73bc99a13fb93aea8821ba54d8136c165b7448d370f173d711423e77

Analysis

max time kernel
82s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
23-04-2023 04:46

Target

8455dc2f73bc99a13fb93aea8821ba54d8136c165b7448d370f173d711423e77.dll
Size

4.0MB
MD5

396a7059469786b20974edfc463d5d3a
SHA1

15a61956e01f8e768d49714c8336eb155fd42e73
SHA256

8455dc2f73bc99a13fb93aea8821ba54d8136c165b7448d370f173d711423e77
SHA512

eedc61832a9cafca5b363ce55113068167e2c3567c7ba8ac826e1e8e82040c9ff279858be9351fbc0d0cc6394e53a4097c0bc0d096f9b8d2eb13017d7c173a74
SSDEEP

98304:dFgNfLKHcpGsCh+vyU/PukYqBFpO9zaCP5hqzzP8ky+f9DuLGz9:opLDM9RUYqBfO9nP5GIky+f9qL2

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
580	4624	WerFault.exe	86

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4528 wrote to memory of 4624	4528	rundll32.exe	86
PID 4528 wrote to memory of 4624	4528	rundll32.exe	86
PID 4528 wrote to memory of 4624	4528	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8455dc2f73bc99a13fb93aea8821ba54d8136c165b7448d370f173d711423e77.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4528
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8455dc2f73bc99a13fb93aea8821ba54d8136c165b7448d370f173d711423e77.dll,#1
  2⤵
  PID:4624
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4624 -s 628
    3⤵
    - Program crash
    PID:580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 4624 -ip 4624
1⤵
PID:4792

memory/4624-133-0x00000000750C0000-0x0000000075877000-memory.dmp

Filesize
7.7MB

Download