b94e3ca89d1b3a61630a1d7e101e4ab86a4d87eeac59a35e0abbbbe3c10c66fe

Analysis

max time kernel
139s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
11/11/2023, 14:05

Target

b94e3ca89d1b3a61630a1d7e101e4ab86a4d87eeac59a35e0abbbbe3c10c66fe.dll
Size

340KB
MD5

e57d88c7b7ce5d1b794cecc395278d1b
SHA1

3f2f12c94426b6729837613ef1a6d1001cc97680
SHA256

b94e3ca89d1b3a61630a1d7e101e4ab86a4d87eeac59a35e0abbbbe3c10c66fe
SHA512

cd65cdfa91f1e7efff9c5b46a52b05374d872a77276eccd8eef104801e938db0f722a3e24f67a19e465ea09933bc883125b55621fb7b530d9b6d02bdfa4ba819
SSDEEP

6144:zAtgrS2a8MHKiNZ0IPtFVoY7/zfkvPPtFVoY7/zfkvp:0tgrS2avHhGI3VP7Q33VP7Q

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1040	1360	WerFault.exe	88

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2528 wrote to memory of 1360	2528	rundll32.exe	88
PID 2528 wrote to memory of 1360	2528	rundll32.exe	88
PID 2528 wrote to memory of 1360	2528	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b94e3ca89d1b3a61630a1d7e101e4ab86a4d87eeac59a35e0abbbbe3c10c66fe.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2528
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b94e3ca89d1b3a61630a1d7e101e4ab86a4d87eeac59a35e0abbbbe3c10c66fe.dll,#1
  2⤵
  PID:1360
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1360 -s 628
    3⤵
    - Program crash
    PID:1040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1360 -ip 1360
1⤵
PID:4872

memory/1360-0-0x0000000075720000-0x0000000075776000-memory.dmp

Filesize
344KB

Download