20d2ab769028eb9ada0c84a92a5efb0bd5327aa0697ecd56d6e2e3f234ac2e4b

Analysis

max time kernel
143s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
18/09/2023, 19:37

Target

20d2ab769028eb9ada0c84a92a5efb0bd5327aa0697ecd56d6e2e3f234ac2e4b.dll
Size

2.1MB
MD5

294dba89466abdf946ea5f530745c20d
SHA1

fc09623b0a0fbad91c3584373e735db81e70f3d3
SHA256

20d2ab769028eb9ada0c84a92a5efb0bd5327aa0697ecd56d6e2e3f234ac2e4b
SHA512

49a45700231f15ba5985e5ea90867fd91a171f064e3d9aab58fdcfbe0ac76461c4630aa906bff64d2ede28ffbb2f419d3a6fe2d664aadc51d64de336f95721e6
SSDEEP

49152:vcz84B8m/mJoQAXJmxmEfZOkNPSTqctjRTDpJMM2:k7qm/eMc3PSTqsL52

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2848	4368	WerFault.exe	86

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2364 wrote to memory of 4368	2364	rundll32.exe	86
PID 2364 wrote to memory of 4368	2364	rundll32.exe	86
PID 2364 wrote to memory of 4368	2364	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\20d2ab769028eb9ada0c84a92a5efb0bd5327aa0697ecd56d6e2e3f234ac2e4b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2364
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\20d2ab769028eb9ada0c84a92a5efb0bd5327aa0697ecd56d6e2e3f234ac2e4b.dll,#1
  2⤵
  PID:4368
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4368 -s 560
    3⤵
    - Program crash
    PID:2848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 4368 -ip 4368
1⤵
PID:4860