0efeb4db9f2bc7f9c6d052355482a5f0c2e1d5e36c1d693b39fcbbdc36d1a3c8

Analysis

max time kernel
152s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
13/10/2023, 02:15

Target

0efeb4db9f2bc7f9c6d052355482a5f0c2e1d5e36c1d693b39fcbbdc36d1a3c8.dll
Size

2.1MB
MD5

0af3891a2f9b5d34dfa835ceb6870933
SHA1

cbafdfddb661a9419daf864c07191cd7244ec5f6
SHA256

0efeb4db9f2bc7f9c6d052355482a5f0c2e1d5e36c1d693b39fcbbdc36d1a3c8
SHA512

15d24dff4bdf7360f8d11785c448390ef35641eaeb3d3a9effe8c5a9f1c7f5a3ccd87448680a60c468da697c9d64f0617b47fe8aaaf7457fb3210d2a852f052d
SSDEEP

49152:vcz84B8m/mJoQAXJmJmEfZOkNPSTqctjRTDpJMM2:k7qm/eMcfPSTqsL52

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4984	996	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3368 wrote to memory of 996	3368	rundll32.exe	82
PID 3368 wrote to memory of 996	3368	rundll32.exe	82
PID 3368 wrote to memory of 996	3368	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0efeb4db9f2bc7f9c6d052355482a5f0c2e1d5e36c1d693b39fcbbdc36d1a3c8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3368
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0efeb4db9f2bc7f9c6d052355482a5f0c2e1d5e36c1d693b39fcbbdc36d1a3c8.dll,#1
  2⤵
  PID:996
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 996 -s 560
    3⤵
    - Program crash
    PID:4984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 996 -ip 996
1⤵
PID:1260