42b1d5b2317e7f109721e18107c9945960459b6c03f6dcc847a44ab16a8bf7b8

Analysis

max time kernel
142s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
18/08/2023, 09:49

Target

42b1d5b2317e7f109721e18107c9945960459b6c03f6dcc847a44ab16a8bf7b8.dll
Size

85KB
MD5

d54daff4f3e19d1a0d66c37b6fdfe21a
SHA1

c234623faa17d4b8ee525af39ba91a96fb68a6de
SHA256

42b1d5b2317e7f109721e18107c9945960459b6c03f6dcc847a44ab16a8bf7b8
SHA512

e5e966190e121ac554c385af396f7412f877d5f7d71d4b72fe67c187c1313d3cb5279e3a41b1458eeb69893fefb34c3ec8947e8f779409653fe2bbb9a0c5af8a
SSDEEP

1536:ub3+rUFlFoZdCW3M6E3LiZK2iKgFlBeQnNsWAcdwBmQwgOE63YMzvZ:ub3+rxw93LiZK2KBwBOgOE6rzv

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3840	2868	WerFault.exe	81

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3240 wrote to memory of 2868	3240	rundll32.exe	81
PID 3240 wrote to memory of 2868	3240	rundll32.exe	81
PID 3240 wrote to memory of 2868	3240	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\42b1d5b2317e7f109721e18107c9945960459b6c03f6dcc847a44ab16a8bf7b8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3240
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\42b1d5b2317e7f109721e18107c9945960459b6c03f6dcc847a44ab16a8bf7b8.dll,#1
  2⤵
  PID:2868
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 624
    3⤵
    - Program crash
    PID:3840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2868 -ip 2868
1⤵
PID:4840