ac3c8963be5b5296478d1bfe350784176e164c3b0c62fcd323b9811cb9624342

Analysis

max time kernel
127s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
29/08/2023, 18:47

Target

ac3c8963be5b5296478d1bfe350784176e164c3b0c62fcd323b9811cb9624342.dll
Size

2.1MB
MD5

bc06e562cc02b51c72cd71fb1b6c2b6c
SHA1

5609ec2233d71187e544faa77e312ebee287c203
SHA256

ac3c8963be5b5296478d1bfe350784176e164c3b0c62fcd323b9811cb9624342
SHA512

a4f26acef59f70c5b6de59b625d5a8ed152329e89439d871bdee0ab4703bf528acf8dbcded162d27f38ec4fe90729e157f4064405efb8fe769b73fd9a4a9baff
SSDEEP

49152:y8feI79oK2lUrHv31PDbhJ/P0BDpinATs75a78ty:y8D7WK2Y/t4BDpgh08ty

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
844	384	WerFault.exe	81

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3868 wrote to memory of 384	3868	rundll32.exe	81
PID 3868 wrote to memory of 384	3868	rundll32.exe	81
PID 3868 wrote to memory of 384	3868	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac3c8963be5b5296478d1bfe350784176e164c3b0c62fcd323b9811cb9624342.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3868
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac3c8963be5b5296478d1bfe350784176e164c3b0c62fcd323b9811cb9624342.dll,#1
  2⤵
  PID:384
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 384 -s 560
    3⤵
    - Program crash
    PID:844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 384 -ip 384
1⤵
PID:2744