6687fdbcf8d23e8b8e7d74aaf38effb7d3f47ba560bd081eed9e5fb48e15baf6

Analysis

max time kernel
143s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
31/10/2023, 07:40

Target

6687fdbcf8d23e8b8e7d74aaf38effb7d3f47ba560bd081eed9e5fb48e15baf6.dll
Size

311KB
MD5

b9c022fad81cdf434dd0afc107a98dc6
SHA1

d5d1e99a1faee55912672adcb719a22594be8869
SHA256

6687fdbcf8d23e8b8e7d74aaf38effb7d3f47ba560bd081eed9e5fb48e15baf6
SHA512

a8effc083fe9f5502863e859bd5065c3aee611d54e8bcdf926736babb8d2c02277837d283a7560528d8a0d8bcd417efa76c7ca433ba88a3580e6fccd06c835a8
SSDEEP

6144:8lvObqsDxmWLqPcrMUvi9nTUaveBXAaveBXv:8kbqsfakRK9n1Ss

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
704	3076	WerFault.exe	86

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2516 wrote to memory of 3076	2516	rundll32.exe	86
PID 2516 wrote to memory of 3076	2516	rundll32.exe	86
PID 2516 wrote to memory of 3076	2516	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6687fdbcf8d23e8b8e7d74aaf38effb7d3f47ba560bd081eed9e5fb48e15baf6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2516
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6687fdbcf8d23e8b8e7d74aaf38effb7d3f47ba560bd081eed9e5fb48e15baf6.dll,#1
  2⤵
  PID:3076
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 600
    3⤵
    - Program crash
    PID:704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3076 -ip 3076
1⤵
PID:3472