332f53344cec91ce2c8ed1e2e792e953002fa25ecb8fcd952f512ab0bc367dea

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
13/10/2023, 19:21

Target

35cfef36ede98cfaff9f31fdea3c81fb4b7defd44902896274a35121.dll
Size

171KB
MD5

d2880a1cccf7e88c221b8d5e7b0d465c
SHA1

12525d01e393e4d93acb805fcdaef3bbc4a7cba9
SHA256

332f53344cec91ce2c8ed1e2e792e953002fa25ecb8fcd952f512ab0bc367dea
SHA512

5c69efb48b08f098f48606f100cf09a603cace0953e8a8b2790d8c526383a2e71d5467b6f164e6168aa778c4c82104c7bcf46218f52d554e095780ab49e2ed4e
SSDEEP

3072:eR6C45ds/1sAUsMGbCpcAQbzFkFgjGrRzQY9:E6F6dMiAHgjc2Y9

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1496	5024	WerFault.exe	85

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4744 wrote to memory of 5024	4744	rundll32.exe	85
PID 4744 wrote to memory of 5024	4744	rundll32.exe	85
PID 4744 wrote to memory of 5024	4744	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\35cfef36ede98cfaff9f31fdea3c81fb4b7defd44902896274a35121.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4744
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\35cfef36ede98cfaff9f31fdea3c81fb4b7defd44902896274a35121.dll,#1
  2⤵
  PID:5024
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5024 -s 652
    3⤵
    - Program crash
    PID:1496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5024 -ip 5024
1⤵
PID:4260