3d160a9175a4846b5d6b2b6819746113053346506d40911d06df6afb7bccc47c

Analysis

max time kernel
62s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
18/04/2023, 17:48

Target

aSxBaqnfj98wzvPA4.dat.dll
Size

982KB
MD5

7cedf8d750a0a1b8a6493920dee17303
SHA1

e757f40759b048a22282293330edeb6aa8e9d27e
SHA256

3d160a9175a4846b5d6b2b6819746113053346506d40911d06df6afb7bccc47c
SHA512

b8590fc093476bf41959f86bb51fca65cd9319110e91262a65f41de753f359214f1d5f21f6b9531d2f87f602d3efa8fa99388843331a30355dacfb704c58a581
SSDEEP

12288:JPhXOLjpSMgEceTsGzh9xj0J3buLxUfhtsYiw4JfRf3iG+5smptXWZNSN:ph+LjpS0co2J32Os1wo7CfYZNSN

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
5000	4012	WerFault.exe	83

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4300 wrote to memory of 4012	4300	rundll32.exe	83
PID 4300 wrote to memory of 4012	4300	rundll32.exe	83
PID 4300 wrote to memory of 4012	4300	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\aSxBaqnfj98wzvPA4.dat.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4300
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\aSxBaqnfj98wzvPA4.dat.dll,#1
  2⤵
  PID:4012
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 616
    3⤵
    - Program crash
    PID:5000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 4012 -ip 4012
1⤵
PID:4288

memory/4012-133-0x0000000010000000-0x0000000010187000-memory.dmp

Filesize
1.5MB

Download