8385aa79c0e400d316ca4a418a026558d2fa88e314541900b698d8294b84ca0c

Analysis

max time kernel
146s
max time network
149s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
14-06-2023 08:51

Target

8385aa79c0e400d316ca4a418a026558d2fa88e314541900b698d8294b84ca0c.dll
Size

134KB
MD5

58b8d65e848176eb583a88e8d48f413e
SHA1

9ebb541dcb24d564448a6f5e00c613b73eba7148
SHA256

8385aa79c0e400d316ca4a418a026558d2fa88e314541900b698d8294b84ca0c
SHA512

8546e6333040f600051221657d5d345e2a203bda6284537c9d1130c301f0ec6289bda0c85b8bffa9941075eaca429dcef2f8b0811c751b5e7cc980b1b771d92f
SSDEEP

3072:rw9SF4O9OLLkWE6tAfyZhhJjL18TSOz0FrES:gSj4LLkitAadJjn56S

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3976	3944	WerFault.exe	66

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1804 wrote to memory of 3944	1804	rundll32.exe	66
PID 1804 wrote to memory of 3944	1804	rundll32.exe	66
PID 1804 wrote to memory of 3944	1804	rundll32.exe	66

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8385aa79c0e400d316ca4a418a026558d2fa88e314541900b698d8294b84ca0c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1804
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8385aa79c0e400d316ca4a418a026558d2fa88e314541900b698d8294b84ca0c.dll,#1
  2⤵
  PID:3944
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 628
    3⤵
    - Program crash
    PID:3976