1baf03f4966dec55d25a609e73ca7a1bda8ba60a3859877a0669e899abc53d6d

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
21-09-2023 20:27

Target

1baf03f4966dec55d25a609e73ca7a1bda8ba60a3859877a0669e899abc53d6d.dll
Size

2.1MB
MD5

bda1dc1f1131d3644352b697bac4b68f
SHA1

8acf49f9a2c323e88e110de9ec2e554bc268a336
SHA256

1baf03f4966dec55d25a609e73ca7a1bda8ba60a3859877a0669e899abc53d6d
SHA512

5fe12599ca09221bebc7a41d2e24f1ffb3628b4fc74bbcbf202740eb64ec7b57fe8e9b71ebd29cbfc1bbdea04690c8426887f0731ed4a9deadbed1f578567c43
SSDEEP

49152:vcz84Bom/mJoQAXJmhmEfZOkNPSTqctjRTDpJMMx:k7Wm/eMcnPSTqsL5x

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3428	1448	WerFault.exe	79

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2008 wrote to memory of 1448	2008	rundll32.exe	79
PID 2008 wrote to memory of 1448	2008	rundll32.exe	79
PID 2008 wrote to memory of 1448	2008	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1baf03f4966dec55d25a609e73ca7a1bda8ba60a3859877a0669e899abc53d6d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2008
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1baf03f4966dec55d25a609e73ca7a1bda8ba60a3859877a0669e899abc53d6d.dll,#1
  2⤵
  PID:1448
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1448 -s 560
    3⤵
    - Program crash
    PID:3428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1448 -ip 1448
1⤵
PID:4408