d3a11c527ce87a97b3ae9b2456d9f485363683281235d0605202ee92bf1eb5b7

Analysis

max time kernel
142s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
25-10-2023 06:56

Target

d3a11c527ce87a97b3ae9b2456d9f485363683281235d0605202ee92bf1eb5b7.dll
Size

208KB
MD5

26b4810e1372c15b6650cfd32ce66ddb
SHA1

8154042e089b633dd57c3b054f2e94b45bd6cd13
SHA256

d3a11c527ce87a97b3ae9b2456d9f485363683281235d0605202ee92bf1eb5b7
SHA512

d437c4564880108efc45a9de436cab354552ac4da29498d9ab72520ad855064d0352e4396e66d7698b953f803d2f0b8bddec711156bffd8c70fbb37811f1f8ca
SSDEEP

3072:v/QPFX1eqEfuBNSYuiM8CNj8hFsoMX0ghsJRgCD3iFw9jdU9Y5mq:v/MEfuN0t8C5oFsoeRM3o0jN

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

3040 4804 WerFault.exe rundll32.exe

pid	pid_target	process	target process
3040	4804	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4996 wrote to memory of 4804	4996	rundll32.exe	rundll32.exe
PID 4996 wrote to memory of 4804	4996	rundll32.exe	rundll32.exe
PID 4996 wrote to memory of 4804	4996	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d3a11c527ce87a97b3ae9b2456d9f485363683281235d0605202ee92bf1eb5b7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4996

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d3a11c527ce87a97b3ae9b2456d9f485363683281235d0605202ee92bf1eb5b7.dll,#1
2⤵
PID:4804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4804 -s 632
3⤵
- Program crash
PID:3040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 4804 -ip 4804
1⤵
PID:3612