ae9e9d8d4b05f5f39b999b4d611abe8d7462fbd9773113409a262b05826ae9e9

Analysis

max time kernel
143s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
03/08/2023, 14:36

Target

ae9e9d8d4b05f5f39b999b4d611abe8d7462fbd9773113409a262b05826ae9e9.dll
Size

2.5MB
MD5

848278461a32799fd8aa3e2ccb1491ba
SHA1

039d4c92f04bb9f488eb8f3bd67dbf2969650e53
SHA256

ae9e9d8d4b05f5f39b999b4d611abe8d7462fbd9773113409a262b05826ae9e9
SHA512

6b2c9fd458dd9f9d211a23b56427eb80b16476b74e38b45fa7c376b36bb19e3332dc86928d3c2036cae319c7dba25d8976774a014e3770a2bf5845aae8301426
SSDEEP

49152:+7PoshxYW1UwVr4CPF9tLvjxc7vXK906+8h4yob9EQi:+0+xYWXbtLvjSv78Sy

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2868	2176	WerFault.exe	81

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3768 wrote to memory of 2176	3768	rundll32.exe	81
PID 3768 wrote to memory of 2176	3768	rundll32.exe	81
PID 3768 wrote to memory of 2176	3768	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ae9e9d8d4b05f5f39b999b4d611abe8d7462fbd9773113409a262b05826ae9e9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3768
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ae9e9d8d4b05f5f39b999b4d611abe8d7462fbd9773113409a262b05826ae9e9.dll,#1
  2⤵
  PID:2176
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 668
    3⤵
    - Program crash
    PID:2868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 2176 -ip 2176
1⤵
PID:1048