9d953431d5c2b7c849475262abd868c18b092da510ac32fa62c1238d54c869a5

Analysis

max time kernel
185s
max time network
208s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
14/10/2023, 23:07

Target

9d953431d5c2b7c849475262abd868c18b092da510ac32fa62c1238d54c869a5.dll
Size

1.1MB
MD5

06038b3c68d648d9409b4e0a3a317d6e
SHA1

519dfe2c768770762839dc1ec3145e5c17bd388a
SHA256

9d953431d5c2b7c849475262abd868c18b092da510ac32fa62c1238d54c869a5
SHA512

9d9f07c28a7c6d2957c7d1344abbdba97bdf633836d7e5b38041d3b77d4e95487981bceb58421cbdcf46164442bb76bb65e544e1e6f6c12bda13c85389af2649
SSDEEP

24576:1OAHPANfSh1jhbnTKeXjbnvbHhu+cNx71QUUP2fPfM:1j5ZbnjBu+Y79

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2244	3944	WerFault.exe	84

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4852 wrote to memory of 3944	4852	rundll32.exe	84
PID 4852 wrote to memory of 3944	4852	rundll32.exe	84
PID 4852 wrote to memory of 3944	4852	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9d953431d5c2b7c849475262abd868c18b092da510ac32fa62c1238d54c869a5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4852
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9d953431d5c2b7c849475262abd868c18b092da510ac32fa62c1238d54c869a5.dll,#1
  2⤵
  PID:3944
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 604
    3⤵
    - Program crash
    PID:2244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3944 -ip 3944
1⤵
PID:4832