6d2231b00672517c2094e5abcc844a1a6c06ce43203b5f5b4ccf2a5cef5080a5

Analysis

max time kernel
143s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
06/11/2023, 14:40

Target

6d2231b00672517c2094e5abcc844a1a6c06ce43203b5f5b4ccf2a5cef5080a5.dll
Size

2.1MB
MD5

d6cd4d73a5f3a984fb08e38efca9d764
SHA1

7194f2bf72b8c7e48d1f5d78a8284e76d6d555fd
SHA256

6d2231b00672517c2094e5abcc844a1a6c06ce43203b5f5b4ccf2a5cef5080a5
SHA512

31e4c27e262c899e8359fcea779ece2a16cb2e9691d00d949d9d95bb3b60582ef21da3d1c11acd18079ca1247854321808010a7d402230c96f22febe513402e1
SSDEEP

49152:vcz84Bxm/mJoQAXJmMmEfZOkNPSTqctjRTDpJMMD+:k7rm/eMcGPSTqsL5K

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4448	2912	WerFault.exe	86

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1240 wrote to memory of 2912	1240	rundll32.exe	86
PID 1240 wrote to memory of 2912	1240	rundll32.exe	86
PID 1240 wrote to memory of 2912	1240	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6d2231b00672517c2094e5abcc844a1a6c06ce43203b5f5b4ccf2a5cef5080a5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1240
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6d2231b00672517c2094e5abcc844a1a6c06ce43203b5f5b4ccf2a5cef5080a5.dll,#1
  2⤵
  PID:2912
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 564
    3⤵
    - Program crash
    PID:4448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2912 -ip 2912
1⤵
PID:2904