800ca170ca8157ea8484c26bcce204b8c7b99da606c41b323ebdb36849ebddd8

Analysis

max time kernel
142s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2023, 10:12

Target

800ca170ca8157ea8484c26bcce204b8c7b99da606c41b323ebdb36849ebddd8.dll
Size

234KB
MD5

a77e6a539d3aac43e75f0d127773ebe2
SHA1

a72a383c11c5b7dd73c3d693f300e3e68e526687
SHA256

800ca170ca8157ea8484c26bcce204b8c7b99da606c41b323ebdb36849ebddd8
SHA512

0b25624bd6d32f43d25f2dfe3ff2fa9ee56558a29ebe6634a7274973a9f55d93456731487d7b884176954c5fe01129dfa312ed9156bbccef73069f736170c86e
SSDEEP

3072:n3vli2EJv1RBuZH3JxgYhgipvLKoTte0SqoOCtA21/wlULGs7jnZdFjdU9T5DO7:n3vyJNRkZHBvZp0qoOCu2pkojnZHj8

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4476	3916	WerFault.exe	84

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2748 wrote to memory of 3916	2748	rundll32.exe	84
PID 2748 wrote to memory of 3916	2748	rundll32.exe	84
PID 2748 wrote to memory of 3916	2748	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\800ca170ca8157ea8484c26bcce204b8c7b99da606c41b323ebdb36849ebddd8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2748
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\800ca170ca8157ea8484c26bcce204b8c7b99da606c41b323ebdb36849ebddd8.dll,#1
  2⤵
  PID:3916
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3916 -s 640
    3⤵
    - Program crash
    PID:4476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 176 -p 3916 -ip 3916
1⤵
PID:4116