42f1df4d3a2c07e936f30bb587cfc3b192c7f9127cc5128c42ee2ae4f8fca6ad

Analysis

max time kernel
113s
max time network
116s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
03-05-2023 23:46

Target

asc0ZnSw8AoUd2.dll
Size

332KB
MD5

3f40761e9ff3f61fedf991118fa09ef1
SHA1

70fe5b59155fbfddb082969270c348f2de136675
SHA256

42f1df4d3a2c07e936f30bb587cfc3b192c7f9127cc5128c42ee2ae4f8fca6ad
SHA512

728cde32518505789b7111b320764ed9eaf38bb8e45d773092d3c76f4472481e03bcf82f6b91ce658206bed0e23bced04b77aa72dc1a35b76dc496bc26559672
SSDEEP

6144:HGttsygB2RWc0sVk5k6A4s9FGMReiD4DmEk5cci4j5zLgSdsK:mttsygB2RWc0sV6k6AbDGSPzqciwpPd

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4164	1668	WerFault.exe	85

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4928 wrote to memory of 1668	4928	rundll32.exe	85
PID 4928 wrote to memory of 1668	4928	rundll32.exe	85
PID 4928 wrote to memory of 1668	4928	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\asc0ZnSw8AoUd2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4928
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\asc0ZnSw8AoUd2.dll,#1
  2⤵
  PID:1668
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 600
    3⤵
    - Program crash
    PID:4164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 1668 -ip 1668
1⤵
PID:3972