edcb25c8185dfe64d75333c78beac8533745dc6edfe34cfad75d0bd3bca6b057

Analysis

max time kernel
133s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
17-07-2023 14:29

Target

SecuriteInfo.com.Win32.PWSX-gen.10084.dll
Size

14KB
MD5

f3fdd4b1c32be9414c5b8709d25f2c9b
SHA1

ab90b5e3599a81d7e27d568fb986c09e398f1d00
SHA256

edcb25c8185dfe64d75333c78beac8533745dc6edfe34cfad75d0bd3bca6b057
SHA512

92234f1829a5aed8e02ccd06d850de439889d6757ce00cedbd83177b691bfb5c9458c3d334f474ccde9ddf76be1b4b2e80735fd34d9753dcc62fa92afbaa6de5
SSDEEP

384:FeK7ut3TtJLQb5z8T5abu6yaKCOzswLNQFMD1:IxTtVQ98lfWOzswLWC

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4932	3076	WerFault.exe	75

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3440 wrote to memory of 3076	3440	rundll32.exe	75
PID 3440 wrote to memory of 3076	3440	rundll32.exe	75
PID 3440 wrote to memory of 3076	3440	rundll32.exe	75

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.PWSX-gen.10084.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3440
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.PWSX-gen.10084.dll,#1
  2⤵
  PID:3076
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 660
    3⤵
    - Program crash
    PID:4932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 368 -p 3076 -ip 3076
1⤵
PID:3332