83dab3b5bda3df2b9091f4aede936395c8a52710faf85db62b609ec2f03680e7

Analysis

max time kernel
33s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
23-09-2023 03:18

Target

83dab3b5bda3df2b9091f4aede936395c8a52710faf85db62b609ec2f03680e7.dll
Size

1.2MB
MD5

80b95aaedf26c1813cb449180cc02be9
SHA1

31cbd2ebb020ca887e323af9144625f4a39cf37f
SHA256

83dab3b5bda3df2b9091f4aede936395c8a52710faf85db62b609ec2f03680e7
SHA512

4ed2fb47f7d38fe2e64664c1e87980dadb9b27fd583c33198fcc6f931d90aef6b73f5f8887ae2d74396b024eb5a00ac52006f4d0620fe1709ab33db9310a070c
SSDEEP

24576:dLTk9a8B7nunRAFG1Tl3ZR/Oy9kT3VrKquPgGLFcaODPPU:dLT4L1uRJZl6y9kT3UokqLU

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
5080	4520	WerFault.exe	85

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5100 wrote to memory of 4520	5100	rundll32.exe	85
PID 5100 wrote to memory of 4520	5100	rundll32.exe	85
PID 5100 wrote to memory of 4520	5100	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\83dab3b5bda3df2b9091f4aede936395c8a52710faf85db62b609ec2f03680e7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5100
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\83dab3b5bda3df2b9091f4aede936395c8a52710faf85db62b609ec2f03680e7.dll,#1
  2⤵
  PID:4520
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4520 -s 580
    3⤵
    - Program crash
    PID:5080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 4520 -ip 4520
1⤵
PID:4064

memory/4520-0-0x0000000074DA0000-0x0000000074ED0000-memory.dmp

Filesize
1.2MB

Download
memory/4520-1-0x00000000752B0000-0x00000000754C5000-memory.dmp

Filesize
2.1MB

Download
memory/4520-3875-0x0000000074DA0000-0x0000000074DAF000-memory.dmp

Filesize
60KB

Download