fab4246d3832a7ad05ef3c017815271d2703b48e7c33573d0743f726d05f512a

Analysis

max time kernel
155s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
12/10/2023, 07:06

Target

fab4246d3832a7ad05ef3c017815271d2703b48e7c33573d0743f726d05f512a.dll
Size

3.3MB
MD5

c3ba51b73afe5074e1aaa8bd0c5e8480
SHA1

10a3aa0a1b1f6418c75ed62efa870a66faff336c
SHA256

fab4246d3832a7ad05ef3c017815271d2703b48e7c33573d0743f726d05f512a
SHA512

a7b6b991ae360ec83848a1424a434686951c2abb806098f3bd345d48903b025a58293aed513aa48962b25e7f89d86190738616c88ae1bdf164a17712df64ba9a
SSDEEP

98304:bjVoGYH/e74/UF4veOzWUdI2yWrY9zFLOAkGkzdnEVomFHKnPV:HzLUVdI2yWrKFLOyomFHKnP

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1780	380	WerFault.exe	89

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3236 wrote to memory of 380	3236	rundll32.exe	89
PID 3236 wrote to memory of 380	3236	rundll32.exe	89
PID 3236 wrote to memory of 380	3236	rundll32.exe	89

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fab4246d3832a7ad05ef3c017815271d2703b48e7c33573d0743f726d05f512a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3236
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fab4246d3832a7ad05ef3c017815271d2703b48e7c33573d0743f726d05f512a.dll,#1
  2⤵
  PID:380
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 380 -s 668
    3⤵
    - Program crash
    PID:1780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 380 -ip 380
1⤵
PID:4312