54c536e9f4148b5388721f86b50d78630f011f1919d080d753ed8ccfa1d0e999

Analysis

max time kernel
143s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
04/10/2023, 12:57

Target

ZPI/WJBn/9RX/lwam/RC/pfr/hU/0G/taO/nCxX/nue/oUjg4Ng.dll
Size

855KB
MD5

80528527df5b3bd11fabbc72dc9716d5
SHA1

06f2a003faa1b9137081e45c73f4be5965985c16
SHA256

574cc6f3726ab64b24fef1f70f253f2baca230fd190e15ef996fd75cdf705d46
SHA512

cb99504eb688f766329ccad8a3ae3b2e5c41b1a775c24812b3c5402f7cc8ede969adfc2ac6fc5b538775a6ff882cee3bb4791e660a555b8f20bfcf381620211f
SSDEEP

12288:/xZuHO3MEug1escxysaxiSQfHx4j6gmQPnMRo0XzZjnXh4SzxxWi7+m51:KHOtujby1kRsYQPnuRZT7+m51

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1596	3368	WerFault.exe	87

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 916 wrote to memory of 3368	916	rundll32.exe	87
PID 916 wrote to memory of 3368	916	rundll32.exe	87
PID 916 wrote to memory of 3368	916	rundll32.exe	87

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ZPI\WJBn\9RX\lwam\RC\pfr\hU\0G\taO\nCxX\nue\oUjg4Ng.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:916
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ZPI\WJBn\9RX\lwam\RC\pfr\hU\0G\taO\nCxX\nue\oUjg4Ng.dll,#1
  2⤵
  PID:3368
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 552
    3⤵
    - Program crash
    PID:1596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 3368 -ip 3368
1⤵
PID:524