9291f80e0b06a2c7be36aa22390918aec7798604a91b385c48a4623c86b4f83a

Analysis

max time kernel
91s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
20-10-2023 16:04

Target

2464-1-0x0000000000130000-0x000000000013E000-memory.dll
Size

56KB
MD5

0caf18e517a887f0879f4c4ddcc92d46
SHA1

230aa937ce3246d359ee43c3576a61dfb4698867
SHA256

9291f80e0b06a2c7be36aa22390918aec7798604a91b385c48a4623c86b4f83a
SHA512

9edb6a0deeeed3cf12dcf0c19d5acae2aff2610da743d1e0ef812ad9507fb55fec5086880098aa3f0f13c4d54b196590bb69977e85750de1c73a68d1e2c5a8ea
SSDEEP

768:A2kfIL3q8aQ+73Mncvo0ya8Kl7aQixYgxYJmv0NHY7lbjNltdX20JJ:OQO8aQ+73MnQBVJaf3C7YJj3HG0JJ

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1552 2420 WerFault.exe rundll32.exe

pid	pid_target	process	target process
1552	2420	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3356 wrote to memory of 2420	3356	rundll32.exe	rundll32.exe
PID 3356 wrote to memory of 2420	3356	rundll32.exe	rundll32.exe
PID 3356 wrote to memory of 2420	3356	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2464-1-0x0000000000130000-0x000000000013E000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3356

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2464-1-0x0000000000130000-0x000000000013E000-memory.dll,#1
2⤵
PID:2420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 564
3⤵
- Program crash
PID:1552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2420 -ip 2420
1⤵
PID:720