c10bedfcfb0143b99f3bd7cd5333009a80c7dd973d4f14ad61bc317cc336d74f

Analysis

max time kernel
116s
max time network
119s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
17/06/2023, 03:28

Target

c10bedfcfb0143b99f3bd7cd5333009a80c7dd973d4f14ad61bc317cc336d74f.dll
Size

2.6MB
MD5

9c053adefe596db67aec2455ddc76754
SHA1

e68a09adad937d20e62b19c129c81f21e7d5f2bf
SHA256

c10bedfcfb0143b99f3bd7cd5333009a80c7dd973d4f14ad61bc317cc336d74f
SHA512

2d4dbdb4eb967b13d8a831b0e97254e8dfd722081f2aca63eb5cffe9a04e627ed7e90d8dca282b2ce3e2b9580caa9a1daaee2d147bc76db5316d42389db79e46
SSDEEP

49152:s78rhRZypOZOoLCl9x5B7OHqtgMRu51vFe94cmaKa:s78rhREpYLCd5Juqu5dFeicmab

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3316	348	WerFault.exe	83

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
348	rundll32.exe
348	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1500 wrote to memory of 348	1500	rundll32.exe	83
PID 1500 wrote to memory of 348	1500	rundll32.exe	83
PID 1500 wrote to memory of 348	1500	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c10bedfcfb0143b99f3bd7cd5333009a80c7dd973d4f14ad61bc317cc336d74f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1500
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c10bedfcfb0143b99f3bd7cd5333009a80c7dd973d4f14ad61bc317cc336d74f.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:348
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 348 -s 860
    3⤵
    - Program crash
    PID:3316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 348 -ip 348
1⤵
PID:1544

memory/348-133-0x0000000074EE0000-0x00000000753FD000-memory.dmp

Filesize
5.1MB

Download
memory/348-137-0x0000000074EE0000-0x00000000753FD000-memory.dmp

Filesize
5.1MB

Download
memory/348-138-0x0000000074EE0000-0x00000000753FD000-memory.dmp

Filesize
5.1MB

Download
memory/348-139-0x0000000002630000-0x00000000026C4000-memory.dmp

Filesize
592KB

Download
memory/348-140-0x0000000003930000-0x00000000039A4000-memory.dmp

Filesize
464KB

Download
memory/348-141-0x0000000003B20000-0x0000000003B2F000-memory.dmp

Filesize
60KB

Download
memory/348-142-0x0000000003B80000-0x0000000003C39000-memory.dmp

Filesize
740KB

Download
memory/348-143-0x0000000003C40000-0x0000000003CDB000-memory.dmp

Filesize
620KB

Download
memory/348-145-0x0000000003FA0000-0x0000000003FC9000-memory.dmp

Filesize
164KB

Download
memory/348-144-0x0000000003CE0000-0x0000000003F5E000-memory.dmp

Filesize
2.5MB

Download
memory/348-146-0x0000000074EE0000-0x00000000753FD000-memory.dmp

Filesize
5.1MB

Download