a1195a9bb4c7363242dac6026f95cb8bb59a37ab150b936eabd48e0d4c79208f

Analysis

max time kernel
216s
max time network
224s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
11/11/2023, 07:49

Target

a1195a9bb4c7363242dac6026f95cb8bb59a37ab150b936eabd48e0d4c79208f.dll
Size

725KB
MD5

fb8c0efba2bf6d6b25acf8c3573a7ca8
SHA1

af8ab0bcbc1807aceb8ec9711fc50e2db86b67d7
SHA256

a1195a9bb4c7363242dac6026f95cb8bb59a37ab150b936eabd48e0d4c79208f
SHA512

e6daedd60d2b3f1197fbce5af5bb373153fa99a0a5159c6f13a1ec6b1b10daffbce9aaa06849666507ae6d864bd4eeda6113e25ed67846fd108f8377e2ceb60f
SSDEEP

12288:oZQtSI9y7dfYPJhwkA9/EsQ+1rG6AWy3OKt62xUVmSUEHoeF7LxV4JZXet6I5:BSdfMeNQeG4Kt+UEI8LxVGo

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2924	3012	WerFault.exe	88

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1680 wrote to memory of 3012	1680	rundll32.exe	88
PID 1680 wrote to memory of 3012	1680	rundll32.exe	88
PID 1680 wrote to memory of 3012	1680	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a1195a9bb4c7363242dac6026f95cb8bb59a37ab150b936eabd48e0d4c79208f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1680
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a1195a9bb4c7363242dac6026f95cb8bb59a37ab150b936eabd48e0d4c79208f.dll,#1
  2⤵
  PID:3012
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 716
    3⤵
    - Program crash
    PID:2924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 3012 -ip 3012
1⤵
PID:2884