5e1af6ef32e505fcbc70fcef4595d2ca721fa5f8efae27f97cb070a6dee9388b

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
12-10-2023 18:45

Target

5e1af6ef32e505fcbc70fcef4595d2ca721fa5f8efae27f97cb070a6dee9388b.dll
Size

205KB
MD5

234145d58d465ef5bbc2ea3144657321
SHA1

7727df6c493bd468f958cf7fd5fdfa27896c897c
SHA256

5e1af6ef32e505fcbc70fcef4595d2ca721fa5f8efae27f97cb070a6dee9388b
SHA512

20165a989831d031317c82e7dbeaaa275d169bbe78d4f4917c14615793ee9e9ed8b52a700f68d062ea7813ba5a278e9e17694e16499e2ca4034e8f2b4165c1f5
SSDEEP

3072:v/QPFX1eqEfuBNSYuiM8CNj8hFsoMX0ghsJRgCD3iFw9jdUY5PU+:v/MEfuN0t8C5oFsoeRM3o0jZ

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

4652 4808 WerFault.exe rundll32.exe

pid	pid_target	process	target process
4652	4808	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3164 wrote to memory of 4808	3164	rundll32.exe	rundll32.exe
PID 3164 wrote to memory of 4808	3164	rundll32.exe	rundll32.exe
PID 3164 wrote to memory of 4808	3164	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5e1af6ef32e505fcbc70fcef4595d2ca721fa5f8efae27f97cb070a6dee9388b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3164

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5e1af6ef32e505fcbc70fcef4595d2ca721fa5f8efae27f97cb070a6dee9388b.dll,#1
2⤵
PID:4808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4808 -s 632
3⤵
- Program crash
PID:4652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4808 -ip 4808
1⤵
PID:2708