781ad40b51e4e5747d90e1701cc9b76f596f0b156aa239cd46cb24fa73680d8a

Analysis

max time kernel
147s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
14-10-2023 10:48

Target

781ad40b51e4e5747d90e1701cc9b76f596f0b156aa239cd46cb24fa73680d8a.dll
Size

208KB
MD5

349740c3c51e472592fc596cb5a1b84d
SHA1

a916e6f200fc756f3a41b14ee1d5eb9296ea8146
SHA256

781ad40b51e4e5747d90e1701cc9b76f596f0b156aa239cd46cb24fa73680d8a
SHA512

e6371e7b2b1778ea374e14c0b2219cc5180638688e18d57f81aafcfc75dcac03d05fd6fb57512af274ef81e2d171967cdaae81e2745e689607889bc8549601af
SSDEEP

3072:LI6CqRCxffkClZ8Ccn7LQlRw6x+Y3CxT2DtK5jdUDY55:LIDff9D8C6XYRw6MT2DEj

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

3748 3560 WerFault.exe rundll32.exe

pid	pid_target	process	target process
3748	3560	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3396 wrote to memory of 3560	3396	rundll32.exe	rundll32.exe
PID 3396 wrote to memory of 3560	3396	rundll32.exe	rundll32.exe
PID 3396 wrote to memory of 3560	3396	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\781ad40b51e4e5747d90e1701cc9b76f596f0b156aa239cd46cb24fa73680d8a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3396

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\781ad40b51e4e5747d90e1701cc9b76f596f0b156aa239cd46cb24fa73680d8a.dll,#1
2⤵
PID:3560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 632
3⤵
- Program crash
PID:3748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3560 -ip 3560
1⤵
PID:4020