fffa8530ca67a5007a4dbd2e7a4666d7051f6fb278fc4dd101b5b12b2f12e08a

Analysis

max time kernel
128s
max time network
134s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
19-07-2023 11:31

Target

easy_Benign_fffa8530ca67a5007a4dbd2e7a4666d7051f6fb278fc4dd101b5b12b2f12e08a.dll
Size

21KB
MD5

b30b66ae9e20bbe712d48c3d778c9ff6
SHA1

ba5ea3a9a70dc1f2787ea305b9f5329a667508bb
SHA256

fffa8530ca67a5007a4dbd2e7a4666d7051f6fb278fc4dd101b5b12b2f12e08a
SHA512

e415b0187bc532985ae8039f197b2ea89a5fbe5253c23eb4edffbe03b764b976f7eeed342e8abb77a89431b663f7f1561e2096a5bd878c0df66b9dab81dfb7df
SSDEEP

384:I2VTLRYg1GkVpV7jZApyGHXmM6kqpqjSwPpaniHKED1Tc6P4LQifbMhe:IWL2jmPGQG3C5sz0r6C

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1640	2284	WerFault.exe	83

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4600 wrote to memory of 2284	4600	rundll32.exe	83
PID 4600 wrote to memory of 2284	4600	rundll32.exe	83
PID 4600 wrote to memory of 2284	4600	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\easy_Benign_fffa8530ca67a5007a4dbd2e7a4666d7051f6fb278fc4dd101b5b12b2f12e08a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4600
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\easy_Benign_fffa8530ca67a5007a4dbd2e7a4666d7051f6fb278fc4dd101b5b12b2f12e08a.dll,#1
  2⤵
  PID:2284
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 600
    3⤵
    - Program crash
    PID:1640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 2284 -ip 2284
1⤵
PID:3008

memory/2284-133-0x00000000753D0000-0x00000000753DE000-memory.dmp

Filesize
56KB

Download