a96e3143887ce923ae1382efac93a095947452fad8cba692958f9a6ac6998585

Analysis

max time kernel
146s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
23/09/2023, 05:45

Target

a96e3143887ce923ae1382efac93a095947452fad8cba692958f9a6ac6998585.dll
Size

2.1MB
MD5

40fccf82b1d556ab14cd986a5a057750
SHA1

cb7e5c3187d0e01d42a6da94502911189e38b04d
SHA256

a96e3143887ce923ae1382efac93a095947452fad8cba692958f9a6ac6998585
SHA512

4c9826365f572954782201a9785fd85c42920509a54cac4d9cebece5a6fa071d1fc63bbca2889d945a1b102aecf6a7eb317769e7834d4125f6518184723271a6
SSDEEP

49152:vcz84B8m/mJ+QAXJmImEfZOkNPSTqctjRTDpJMM9:k7qm/wMciPSTqsL59

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4372	4312	WerFault.exe	85

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 232 wrote to memory of 4312	232	rundll32.exe	85
PID 232 wrote to memory of 4312	232	rundll32.exe	85
PID 232 wrote to memory of 4312	232	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a96e3143887ce923ae1382efac93a095947452fad8cba692958f9a6ac6998585.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:232
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a96e3143887ce923ae1382efac93a095947452fad8cba692958f9a6ac6998585.dll,#1
  2⤵
  PID:4312
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4312 -s 564
    3⤵
    - Program crash
    PID:4372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 4312 -ip 4312
1⤵
PID:2828