3c056949e470c346f196125b02fc27e21bed0195db43d332e29432a0866abbe4

Analysis

max time kernel
142s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
07/11/2023, 00:39

Target

3c056949e470c346f196125b02fc27e21bed0195db43d332e29432a0866abbe4.dll
Size

280KB
MD5

f61c041874acb6a6e02bed50bd513dba
SHA1

1a02c1cc3f185d413f935a503462c245d3da36ed
SHA256

3c056949e470c346f196125b02fc27e21bed0195db43d332e29432a0866abbe4
SHA512

f999c44df282be7a9848d953791fedabee9329a623588e4c32f080b21fd88616e958808487abd2e16e4e7d0f46c6afe1c4b0e3409ecb0f5724a713a07931ec38
SSDEEP

6144:9Xp5etedibRG5V/R2/YjllKB0TvjrzZk6gUeIy28:1p5etedJVQYjllS0T7rzZk6gUF

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4604	3956	WerFault.exe	86

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4396 wrote to memory of 3956	4396	rundll32.exe	86
PID 4396 wrote to memory of 3956	4396	rundll32.exe	86
PID 4396 wrote to memory of 3956	4396	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3c056949e470c346f196125b02fc27e21bed0195db43d332e29432a0866abbe4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4396
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3c056949e470c346f196125b02fc27e21bed0195db43d332e29432a0866abbe4.dll,#1
  2⤵
  PID:3956
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 660
    3⤵
    - Program crash
    PID:4604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 3956 -ip 3956
1⤵
PID:3352