d0b6158d598c5a364e241f6e38d7f2136120a5e8f2c972bd3fb43f2f44c667b0

Analysis

max time kernel
139s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20230831-en
resource tags

arch:x64arch:x86image:win10v2004-20230831-enlocale:en-usos:windows10-2004-x64system
submitted
08-09-2023 17:49

Target

d0b6158d598c5a364e241f6e38d7f2136120a5e8f2c972bd3fb43f2f44c667b0.dll
Size

208KB
MD5

4f2a9a8f21396df7187d6be0e0fac136
SHA1

4536ce867403c88869ddd20fece011275b0d18b0
SHA256

d0b6158d598c5a364e241f6e38d7f2136120a5e8f2c972bd3fb43f2f44c667b0
SHA512

d980a0fd4f95e0439e97b401c6e64d994dada8862c108f9a66e8462bfe716d7b118cb843d41f03b9795df7d9af22f5e0a2d84ef5b156184887848540f76dcc6b
SSDEEP

3072:LI6CqRCxffkClZ8Ccn7LQlRw6x+Y3CxT2DtK5jdUTY58:LIDff9D8C6XYRw6MT2DEj

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1812 2660 WerFault.exe rundll32.exe

pid	pid_target	process	target process
1812	2660	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 948 wrote to memory of 2660	948	rundll32.exe	rundll32.exe
PID 948 wrote to memory of 2660	948	rundll32.exe	rundll32.exe
PID 948 wrote to memory of 2660	948	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d0b6158d598c5a364e241f6e38d7f2136120a5e8f2c972bd3fb43f2f44c667b0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:948

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d0b6158d598c5a364e241f6e38d7f2136120a5e8f2c972bd3fb43f2f44c667b0.dll,#1
2⤵
PID:2660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 640
3⤵
- Program crash
PID:1812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 2660 -ip 2660
1⤵
PID:4112