95be4e37b989a395398f7d3ac085f01b76a668f44252ffa0e4b21f78a9f38da3

Analysis

max time kernel
135s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
23/04/2023, 04:37

Target

95be4e37b989a395398f7d3ac085f01b76a668f44252ffa0e4b21f78a9f38da3.dll
Size

4.0MB
MD5

9947abfe62bfe0742f552f611125a2c4
SHA1

23732a61f1fbed165b49c8ff76516a89391a5240
SHA256

95be4e37b989a395398f7d3ac085f01b76a668f44252ffa0e4b21f78a9f38da3
SHA512

7fe138930c11d6b7f146f228a06d21cec265656c1e77dc5a66ce0736fbcde93903960626f26c4c9b3553bdb84a21fb550f7f643f4361134ec7017a86e2138cfe
SSDEEP

98304:dFgNfLKHcpGsCh+vyU/PukYqBFpO9zaCP5hqzzP8ky+f9DuLGz5:opLDM9RUYqBfO9nP5GIky+f9qLC

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2008	1964	WerFault.exe	84

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1304 wrote to memory of 1964	1304	rundll32.exe	84
PID 1304 wrote to memory of 1964	1304	rundll32.exe	84
PID 1304 wrote to memory of 1964	1304	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\95be4e37b989a395398f7d3ac085f01b76a668f44252ffa0e4b21f78a9f38da3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1304
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\95be4e37b989a395398f7d3ac085f01b76a668f44252ffa0e4b21f78a9f38da3.dll,#1
  2⤵
  PID:1964
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 636
    3⤵
    - Program crash
    PID:2008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 1964 -ip 1964
1⤵
PID:2100

memory/1964-133-0x0000000074C70000-0x0000000075427000-memory.dmp

Filesize
7.7MB

Download