d8baa7420e8c76760daca3f862e6c308e166e07d4f5665f93e3935eecfa6445d

Analysis

max time kernel
141s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
12/10/2023, 11:09

Target

d8baa7420e8c76760daca3f862e6c308e166e07d4f5665f93e3935eecfa6445d.dll
Size

2.1MB
MD5

92c834df6417b5ab80a040e402e6c71a
SHA1

ded1aabc5bacb6f1115d724e58ae9fff8777a0b6
SHA256

d8baa7420e8c76760daca3f862e6c308e166e07d4f5665f93e3935eecfa6445d
SHA512

f8c9c2e14702f56e96c7e56ad00d25b068b7e0cd57e6860487cd50dfedf2cf2ac63ee919c627f0b8100974d290c94848ca34af0b0d673b0c8740bb567b0676e3
SSDEEP

24576:eN65zcy+mqnpb00RTEhg6MNa/dw+csZGuv/ON6D7o5MQ9JmArTNPLNRoc:eJbLqc48gv/gaOEJAr7Roc

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4840	4972	WerFault.exe	81

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4520 wrote to memory of 4972	4520	rundll32.exe	81
PID 4520 wrote to memory of 4972	4520	rundll32.exe	81
PID 4520 wrote to memory of 4972	4520	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d8baa7420e8c76760daca3f862e6c308e166e07d4f5665f93e3935eecfa6445d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4520
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d8baa7420e8c76760daca3f862e6c308e166e07d4f5665f93e3935eecfa6445d.dll,#1
  2⤵
  PID:4972
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4972 -s 652
    3⤵
    - Program crash
    PID:4840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4972 -ip 4972
1⤵
PID:4556

memory/4972-0-0x0000000010000000-0x0000000010219000-memory.dmp

Filesize
2.1MB

Download
memory/4972-1-0x0000000075050000-0x0000000075265000-memory.dmp

Filesize
2.1MB

Download