8ec065491ce4e13843b345bc7448334dc6fa47f85e47dea64f4669589bc46819

Analysis

max time kernel
139s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
06/11/2023, 14:32

Target

8ec065491ce4e13843b345bc7448334dc6fa47f85e47dea64f4669589bc46819.dll
Size

1.7MB
MD5

1511e594dfd3a1da51e5e3a5061a2b60
SHA1

9fdf3b4829432c76762205bf82dcd292a222ebb8
SHA256

8ec065491ce4e13843b345bc7448334dc6fa47f85e47dea64f4669589bc46819
SHA512

227d05c650eb2c3e0feb9fa078df473814963890eca22393212b00233e33dc08738741834d57f203f9aea400c0cbfd7713017666f69bd374d2bb8af266116bea
SSDEEP

49152:98S4/XyHJooFMqTXeUjBMeJOu1SRnC+5K3Sy9oZ:+S4/CHmoFdL9jlkpu3Si

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3252	3688	WerFault.exe	84

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2952 wrote to memory of 3688	2952	rundll32.exe	84
PID 2952 wrote to memory of 3688	2952	rundll32.exe	84
PID 2952 wrote to memory of 3688	2952	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8ec065491ce4e13843b345bc7448334dc6fa47f85e47dea64f4669589bc46819.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2952
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8ec065491ce4e13843b345bc7448334dc6fa47f85e47dea64f4669589bc46819.dll,#1
  2⤵
  PID:3688
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 596
    3⤵
    - Program crash
    PID:3252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 3688 -ip 3688
1⤵
PID:2356