e0fed2784ab6280f6f602be319b4d4d4884778e4bfd1e88e6948a751b8523f60

Analysis

max time kernel
136s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20230831-en
resource tags

arch:x64arch:x86image:win10v2004-20230831-enlocale:en-usos:windows10-2004-x64system
submitted
13-09-2023 07:36

Target

Setup_new/libgcc_s_dw2-1.dll
Size

117KB
MD5

043b39434829ce93637b1801d57b2082
SHA1

297b5f72104130e17d92789adbbcfab8fe700a82
SHA256

4d2e2d408d399d066b0aaef2047f7a33515c13c589832de0d9f1ba87a530c394
SHA512

eee912b21d31c54bf913d11028f1637a041809bbe4cd6a5ca28c664f72b397d67d03230ba652a06b86916aea7e7ff5999a5b26cc14c067ab1652ab82f565edcf
SSDEEP

1536:8dtiUW76b2IPdo20ERT/TAnckgPfwxsNSGcHy//Rs0l6eeyB0nN0x/W08mZ9DxRw:8G66yo2zT/TGgXsavs0MdmxRw

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid	pid_target	Process	procid_target
1968	2860	WerFault.exe	62

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	Process	procid_target
PID 752 wrote to memory of 2860	752	rundll32.exe	62
PID 752 wrote to memory of 2860	752	rundll32.exe	62
PID 752 wrote to memory of 2860	752	rundll32.exe	62

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Setup_new\libgcc_s_dw2-1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:752
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\Setup_new\libgcc_s_dw2-1.dll,#1
  2⤵
  PID:2860
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 612
    3⤵
    - Program crash
    PID:1968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 2860 -ip 2860
1⤵
PID:2292

memory/2860-0-0x000000006EB40000-0x000000006EB64000-memory.dmp

Filesize
144KB

Download
memory/2860-1-0x0000000064B40000-0x0000000064B5B000-memory.dmp

Filesize
108KB

Download