d603b6da8d002f9569eac7cb86b29d9f55affbe7e0d54ce4bad97aa8ae7dca62

Analysis

max time kernel
142s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
18/09/2023, 00:56

Target

d603b6da8d002f9569eac7cb86b29d9f55affbe7e0d54ce4bad97aa8ae7dca62.dll
Size

1.2MB
MD5

f8d9f4eb8748e59a26d38aa7fd7b441f
SHA1

3bdf82106aa58f64fc0c7fcdb0dadcfa6c402cef
SHA256

d603b6da8d002f9569eac7cb86b29d9f55affbe7e0d54ce4bad97aa8ae7dca62
SHA512

0c48893c4c91002aebd4ac6abda9990d134de2205ff8dbb2c4f062053f7fe523a1d106b68641216f5f551cb51edc1d08963d79e5a11d9511bab8dd91475605e0
SSDEEP

24576:rHAjdFzL81UekoDHztxJ8sFwhzssWJ1AYJg6ykwEVYzgLZ:TY/A1UekoDHxxJ81pJWjAWulES0LZ

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2984	3996	WerFault.exe	81

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 464 wrote to memory of 3996	464	rundll32.exe	81
PID 464 wrote to memory of 3996	464	rundll32.exe	81
PID 464 wrote to memory of 3996	464	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d603b6da8d002f9569eac7cb86b29d9f55affbe7e0d54ce4bad97aa8ae7dca62.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:464
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d603b6da8d002f9569eac7cb86b29d9f55affbe7e0d54ce4bad97aa8ae7dca62.dll,#1
  2⤵
  PID:3996
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 576
    3⤵
    - Program crash
    PID:2984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 3996 -ip 3996
1⤵
PID:1472

memory/3996-0-0x0000000074880000-0x00000000749AE000-memory.dmp

Filesize
1.2MB

Download
memory/3996-1-0x0000000075BD0000-0x0000000075DE5000-memory.dmp

Filesize
2.1MB

Download
memory/3996-3875-0x0000000074880000-0x000000007488F000-memory.dmp

Filesize
60KB

Download