2cd9cdff35721bec19a11a3ab414760cda48817e04b69fbdb49b2b84f9a21f3d

Analysis

max time kernel
142s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
24/08/2023, 21:05

Target

2cd9cdff35721bec19a11a3ab414760cda48817e04b69fbdb49b2b84f9a21f3d.dll
Size

14.5MB
MD5

eb110cae198437905ac9739703e9ee35
SHA1

b6491721a2c89242621398f0461db81d82a02a2d
SHA256

2cd9cdff35721bec19a11a3ab414760cda48817e04b69fbdb49b2b84f9a21f3d
SHA512

572be29bfb7be63dae7cb79c4b40423e77c18e3d62cc1ade57ff8daa46f9bb677a50b8b895bb6387a42d42496231fd0ed2ee7ccaeb152e967612779023ca2433
SSDEEP

196608:bUoBYWguWIJdcXGn3LWU9ptfd8tM2iZeSTsOI8VGfd8tM2iFWJJPy:bUoBYNuWIDXb5t132OwORVG132MSJPy

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3656	488	WerFault.exe	82

Suspicious behavior: EnumeratesProcesses 10 IoCs

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
488	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1912 wrote to memory of 488	1912	rundll32.exe	82
PID 1912 wrote to memory of 488	1912	rundll32.exe	82
PID 1912 wrote to memory of 488	1912	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2cd9cdff35721bec19a11a3ab414760cda48817e04b69fbdb49b2b84f9a21f3d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1912
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2cd9cdff35721bec19a11a3ab414760cda48817e04b69fbdb49b2b84f9a21f3d.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:488
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 488 -s 720
    3⤵
    - Program crash
    PID:3656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 488 -ip 488
1⤵
PID:4724