46f9a41b03db8c810bceebaeb119950adeb1559253a3ef2b33bffa029bbd3bfb

Analysis

max time kernel
121s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
19/05/2023, 08:47

Target

46f9a41b03db8c810bceebaeb119950adeb1559253a3ef2b33bffa029bbd3bfb.dll
Size

289KB
MD5

e2aee083e81a19cd8d1f863a602a505e
SHA1

0bcb07725ab61eebf99612b8471cb235df9054ab
SHA256

46f9a41b03db8c810bceebaeb119950adeb1559253a3ef2b33bffa029bbd3bfb
SHA512

5da2c9a75d130cb39b576860005e635b9cd10f5e26ebde0e612aa472611839ee71577d736e699e999cc9411154f4b5a50a935c66c1e9008a63255d0479a2278d
SSDEEP

6144:mpgyF1dc8Ia/KJVENq8OLchAO1TBG8x8gN9NQ2IK:mpzF1ONa/KQfKqXTg8x8gN9y2IK

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3352	1620	WerFault.exe	85

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1436 wrote to memory of 1620	1436	rundll32.exe	85
PID 1436 wrote to memory of 1620	1436	rundll32.exe	85
PID 1436 wrote to memory of 1620	1436	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\46f9a41b03db8c810bceebaeb119950adeb1559253a3ef2b33bffa029bbd3bfb.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1436
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\46f9a41b03db8c810bceebaeb119950adeb1559253a3ef2b33bffa029bbd3bfb.dll,#1
  2⤵
  PID:1620
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 616
    3⤵
    - Program crash
    PID:3352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 1620 -ip 1620
1⤵
PID:3252