1d3de0f2baaa83ecc629ab68922321853582832216de8f6f878287d31a79557b

Analysis

max time kernel
135s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
17/06/2023, 02:24

Target

1d3de0f2baaa83ecc629ab68922321853582832216de8f6f878287d31a79557b.dll
Size

2.7MB
MD5

43f525d2045d944a6f31349e20f92380
SHA1

afcca4305e8bde18578204b61980927e799308d5
SHA256

1d3de0f2baaa83ecc629ab68922321853582832216de8f6f878287d31a79557b
SHA512

2e935036e9ab7518fca39aeb6ae2ff1da0248ac16a07580c3910c2448557e93b26cf514cd4341644d1b45febbf3e91d176f27adff0903ee965b49f500709c0cd
SSDEEP

49152:3dzMIvaXHMyMpVsI7+qAvSHZjPsvJVU6t/fGNXGmHv6osQ+qHpjUhc7szQ4CruGz:3dwIiXMyGVZ+qAqHZCOW/fUGmHC7Q+qf

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4240	4188	WerFault.exe	83

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4188	rundll32.exe
4188	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2564 wrote to memory of 4188	2564	rundll32.exe	83
PID 2564 wrote to memory of 4188	2564	rundll32.exe	83
PID 2564 wrote to memory of 4188	2564	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1d3de0f2baaa83ecc629ab68922321853582832216de8f6f878287d31a79557b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2564
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1d3de0f2baaa83ecc629ab68922321853582832216de8f6f878287d31a79557b.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4188
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4188 -s 792
    3⤵
    - Program crash
    PID:4240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 4188 -ip 4188
1⤵
PID:2036

memory/4188-133-0x0000000075040000-0x000000007555A000-memory.dmp

Filesize
5.1MB

Download
memory/4188-137-0x0000000075040000-0x000000007555A000-memory.dmp

Filesize
5.1MB

Download
memory/4188-138-0x0000000075040000-0x000000007555A000-memory.dmp

Filesize
5.1MB

Download
memory/4188-139-0x0000000002870000-0x0000000002904000-memory.dmp

Filesize
592KB

Download
memory/4188-140-0x0000000003B70000-0x0000000003BE4000-memory.dmp

Filesize
464KB

Download
memory/4188-141-0x0000000003D10000-0x0000000003D1F000-memory.dmp

Filesize
60KB

Download
memory/4188-142-0x0000000003D30000-0x0000000003DE9000-memory.dmp

Filesize
740KB

Download
memory/4188-143-0x0000000003DF0000-0x0000000003E8B000-memory.dmp

Filesize
620KB

Download
memory/4188-144-0x0000000003E90000-0x000000000410E000-memory.dmp

Filesize
2.5MB

Download
memory/4188-145-0x0000000004190000-0x00000000041B9000-memory.dmp

Filesize
164KB

Download
memory/4188-146-0x0000000075040000-0x000000007555A000-memory.dmp

Filesize
5.1MB

Download