b191980a6f109e4bb52f653b0afdc8863be085bcc3ca2cb05ab8e49f100eb850

Analysis

max time kernel
143s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
28/08/2023, 11:01

Target

b191980a6f109e4bb52f653b0afdc8863be085bcc3ca2cb05ab8e49f100eb850.dll
Size

930KB
MD5

b8d535bc3c5fa603df20854ca5ed3fee
SHA1

daa08bcb80a7f4009d68cb720a453a932ffcd825
SHA256

b191980a6f109e4bb52f653b0afdc8863be085bcc3ca2cb05ab8e49f100eb850
SHA512

9175b413ea398d1e0b87235ca0f9dcefcc88f2eb1e4604bc10f20f58c8b7d871e2f35be65a48ef35185fd2dc45aa9f81cdd94fa4ee019d4aadccb9d91c6e8dbf
SSDEEP

12288:rSp+4nJD3WwEEbSKMmUMOFbha3x0bgCC1LEw:rw+4nJSwERKMhMOMxUCS

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3244	4940	WerFault.exe	81

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1012 wrote to memory of 4940	1012	rundll32.exe	81
PID 1012 wrote to memory of 4940	1012	rundll32.exe	81
PID 1012 wrote to memory of 4940	1012	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b191980a6f109e4bb52f653b0afdc8863be085bcc3ca2cb05ab8e49f100eb850.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1012
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b191980a6f109e4bb52f653b0afdc8863be085bcc3ca2cb05ab8e49f100eb850.dll,#1
  2⤵
  PID:4940
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4940 -s 644
    3⤵
    - Program crash
    PID:3244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4940 -ip 4940
1⤵
PID:3876

memory/4940-0-0x0000000075310000-0x0000000075404000-memory.dmp

Filesize
976KB

Download