2b7635b3499757f4bfb3d53f325239299a6076e5dbfaeb47532e9e0d45508802

Analysis

max time kernel
145s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
30/09/2023, 12:45

Target

2b7635b3499757f4bfb3d53f325239299a6076e5dbfaeb47532e9e0d45508802.dll
Size

2.1MB
MD5

427a4628f6bad80a45cc9a88fe0e456c
SHA1

98d4104ab3ebd915e9ae52924e141f2a8cb1e359
SHA256

2b7635b3499757f4bfb3d53f325239299a6076e5dbfaeb47532e9e0d45508802
SHA512

ef149a97d2fe9758d6ca2c75857d7449c743d58e9f584237cc8fa12b722c5c478bdd8816cfa9d76b544371d9a0e25c0c0d93a0e9841ade3661b6de7e21fec5d4
SSDEEP

49152:y8feI79oK2+UrHv31PCbhJ/P0BDpinATs75a78tM:y8D7WK2r/tBBDpgh08tM

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4180	3220	WerFault.exe	85

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2732 wrote to memory of 3220	2732	rundll32.exe	85
PID 2732 wrote to memory of 3220	2732	rundll32.exe	85
PID 2732 wrote to memory of 3220	2732	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2b7635b3499757f4bfb3d53f325239299a6076e5dbfaeb47532e9e0d45508802.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2732
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2b7635b3499757f4bfb3d53f325239299a6076e5dbfaeb47532e9e0d45508802.dll,#1
  2⤵
  PID:3220
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3220 -s 564
    3⤵
    - Program crash
    PID:4180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3220 -ip 3220
1⤵
PID:4964