566221efb69b41f483f70166ab3fe79b7da3c56ba07bdcad2ac2bd3869e15a1c

Analysis

max time kernel
142s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231025-en
resource tags

arch:x64arch:x86image:win10v2004-20231025-enlocale:en-usos:windows10-2004-x64system
submitted
22/11/2023, 10:01

Target

566221efb69b41f483f70166ab3fe79b7da3c56ba07bdcad2ac2bd3869e15a1c.dll
Size

1.2MB
MD5

f919fa037c08ab87f7e6a777bc4f9f3a
SHA1

3fe0b48feb5d6c10526eabe60ca4aab9bb9eb1ed
SHA256

566221efb69b41f483f70166ab3fe79b7da3c56ba07bdcad2ac2bd3869e15a1c
SHA512

023411e84f24a3d6be45bed816471c9a0b49cf50b55dc46bf3cbed956da722b2b9ab698d0a3b477bcd8e912acdc15875845158b7ffca3cba31f0feac90abafb5
SSDEEP

24576:b6IDXov4R33CpSCY0smaAKIuXpBNRycuvAnNGdEA4aWY0zF1K/:ZD9/CZsrJXXNwvAnYdEACfFc/

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2952	4924	WerFault.exe	86

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3120 wrote to memory of 4924	3120	rundll32.exe	86
PID 3120 wrote to memory of 4924	3120	rundll32.exe	86
PID 3120 wrote to memory of 4924	3120	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\566221efb69b41f483f70166ab3fe79b7da3c56ba07bdcad2ac2bd3869e15a1c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3120
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\566221efb69b41f483f70166ab3fe79b7da3c56ba07bdcad2ac2bd3869e15a1c.dll,#1
  2⤵
  PID:4924
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4924 -s 552
    3⤵
    - Program crash
    PID:2952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 4924 -ip 4924
1⤵
PID:1016

memory/4924-0-0x0000000074CE0000-0x0000000074E0F000-memory.dmp

Filesize
1.2MB

Download
memory/4924-1-0x0000000075B60000-0x0000000075D75000-memory.dmp

Filesize
2.1MB

Download
memory/4924-3875-0x0000000074CE0000-0x0000000074CEF000-memory.dmp

Filesize
60KB

Download