212bddfe0446f5f5037d8452bb9f4fad2823502917546811a97d6b4c555d5ad6

Resubmissions

21-06-2023 13:07

20-06-2023 06:50

max time kernel
145s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20230621-en
resource tags

arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
submitted
21-06-2023 13:07

Target

1fb0c8b5d8ef25661fb0f89d676e2e49.dll
Size

1.2MB
MD5

1fb0c8b5d8ef25661fb0f89d676e2e49
SHA1

1b284a2b2ab3c733603a702320d9c55c3b74bd91
SHA256

212bddfe0446f5f5037d8452bb9f4fad2823502917546811a97d6b4c555d5ad6
SHA512

a8033e6c6beac49a166f500b9991bfcff43be42d6579062ffd11f147a3c016ccb1f2de9b217f18e4ba00dd6acd0d9a8e898666acd885344e37cabc9b4ad297a3
SSDEEP

24576:V88Kjwqgo6dmg6XKZz0AUfOwZbB2aBnRLI151E/BgXRzyCF7z7vb:u7+ZU3TODE/CdPb

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4280	2116	WerFault.exe	80

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3908 wrote to memory of 644	3908	cmd.exe	92
PID 3908 wrote to memory of 644	3908	cmd.exe	92
PID 3908 wrote to memory of 3644	3908	cmd.exe	93
PID 3908 wrote to memory of 3644	3908	cmd.exe	93

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1fb0c8b5d8ef25661fb0f89d676e2e49.dll,#1
1⤵
PID:2116
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2116 -s 328
  2⤵
  - Program crash
  PID:4280

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 408 -p 2116 -ip 2116
1⤵
PID:1164

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4548

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3908
- C:\Windows\system32\rundll32.exe
  rundll32.exe 1fb0c8b5d8ef25661fb0f89d676e2e49.dll eOXScagaNKe
  2⤵
  PID:644
- C:\Windows\system32\rundll32.exe
  rundll32.exe 1fb0c8b5d8ef25661fb0f89d676e2e49.dll PcYge9j
  2⤵
  PID:3644