e98c4838e54ef864a67ea9a1e270dbd82ca3ce6bd87ed046e9458d942a62e5e8

Analysis

max time kernel
142s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
24/08/2023, 02:20

Target

e98c4838e54ef864a67ea9a1e270dbd82ca3ce6bd87ed046e9458d942a62e5e8.dll
Size

2.3MB
MD5

beb9818a70cd71a7bcd8018363d171b3
SHA1

7d3c569ebd7b51f8e172cc859be30c20b7c160c9
SHA256

e98c4838e54ef864a67ea9a1e270dbd82ca3ce6bd87ed046e9458d942a62e5e8
SHA512

41aac54b2de5822bccd48e8aa7c22f1532caaf1e14a5403dcd8f7bb125f7d5e0743f812d71b9acb810c3e1f72c10a181333071c642e3e34f1e1f120afbc46446
SSDEEP

24576:R+HKqQzIVAm7ABCK30SYjzomOsGZjCByf7I3VF8V5IUTpkXQEx+orO8m0vhi5Cb4:RgImU0QExpiWe0pEb2Kr

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4972	1588	WerFault.exe	82

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1588	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2136 wrote to memory of 1588	2136	rundll32.exe	82
PID 2136 wrote to memory of 1588	2136	rundll32.exe	82
PID 2136 wrote to memory of 1588	2136	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e98c4838e54ef864a67ea9a1e270dbd82ca3ce6bd87ed046e9458d942a62e5e8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2136
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e98c4838e54ef864a67ea9a1e270dbd82ca3ce6bd87ed046e9458d942a62e5e8.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1588
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 732
    3⤵
    - Program crash
    PID:4972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1588 -ip 1588
1⤵
PID:1596