d8808ec9ed6a59fd3fae68f795d53e36ad604f94c1e459160fa0ac62e9305f2c

Analysis

max time kernel
142s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
13/07/2023, 19:18

Target

0b5756e0ea5d57exe_JC.dll
Size

205KB
MD5

0b5756e0ea5d5728455dee847371b574
SHA1

af7d1ee4512d339ca0d4dd9a3e52387336d24870
SHA256

d8808ec9ed6a59fd3fae68f795d53e36ad604f94c1e459160fa0ac62e9305f2c
SHA512

9a0396b11cf8ebcaddedc0dfb2efa25762fee938f90b1d570991619524f69f9e3c386b76708aaf8833f3d44b3df6cc3d1383a241a2459a6ed5a99efc26e1c9a3
SSDEEP

3072:IBaK6WeIBEkOM4tDo8C0Y/9fdlq1TQ3VxLylm6jixvjEUhJ5Q:IBaGBEzMiDo8CFVHq1TQ3CjixjJ

Score

3^/10

Program crash 2 IoCs

pid	pid_target	Process	procid_target
548	4812	WerFault.exe	85
1724	4812	WerFault.exe	85

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3020 wrote to memory of 4812	3020	rundll32.exe	85
PID 3020 wrote to memory of 4812	3020	rundll32.exe	85
PID 3020 wrote to memory of 4812	3020	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0b5756e0ea5d57exe_JC.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3020
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0b5756e0ea5d57exe_JC.dll,#1
  2⤵
  PID:4812
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4812 -s 620
    3⤵
    - Program crash
    PID:548
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4812 -s 792
    3⤵
    - Program crash
    PID:1724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4812 -ip 4812
1⤵
PID:2284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 4812 -ip 4812
1⤵
PID:1376