1c9b52356fcf36eadb9b26dc362ab9c993371aeccf424ba6831871770bb36a90

Analysis

max time kernel
139s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20230824-en
resource tags

arch:x64arch:x86image:win10v2004-20230824-enlocale:en-usos:windows10-2004-x64system
submitted
25/08/2023, 12:19

Target

1c9b52356fcf36eadb9b26dc362ab9c993371aeccf424ba6831871770bb36a90.dll
Size

828KB
MD5

0659204ee20fef476c7481fc643e99df
SHA1

f7cd14631c79bf8c65794d1b1e555da926609346
SHA256

1c9b52356fcf36eadb9b26dc362ab9c993371aeccf424ba6831871770bb36a90
SHA512

c1082de4e6e4e9089f943c096521f49986488c61ce2cde4d056c6d58c3699bed211aacff3bb59f88d3177dbc29a9318f83bc97e3210c5d92bb7f0e66cac4c56f
SSDEEP

12288:ddkthnyTFme/wJlapBq2LUXthlPsJRD4Z1LNiseZaUs1l2f28sS:Dk+TFmUwJkrqt9hlPs4Z1xisekus

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
8	2428	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3188 wrote to memory of 2428	3188	rundll32.exe	82
PID 3188 wrote to memory of 2428	3188	rundll32.exe	82
PID 3188 wrote to memory of 2428	3188	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1c9b52356fcf36eadb9b26dc362ab9c993371aeccf424ba6831871770bb36a90.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3188
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1c9b52356fcf36eadb9b26dc362ab9c993371aeccf424ba6831871770bb36a90.dll,#1
  2⤵
  PID:2428
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 640
    3⤵
    - Program crash
    PID:8

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p
1⤵
PID:2796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 2428 -ip 2428
1⤵
PID:2828