c657c7d749ff7bceabd77395ca56e264e2cb7bff90b025af171f8baca5084914

Analysis

max time kernel
139s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
27/11/2023, 11:02

Target

c657c7d749ff7bceabd77395ca56e264e2cb7bff90b025af171f8baca5084914.dll
Size

1002KB
MD5

9fbf4989ac434e1aee2c8406347c2569
SHA1

8d29476d773e9a74106ea793cc2c9aec6ed6253c
SHA256

c657c7d749ff7bceabd77395ca56e264e2cb7bff90b025af171f8baca5084914
SHA512

b49aca257c7caa6dff693c52869f6a2a2e785dae5e1891bf5305f18382d75c6bb47647f7addf907512581321713f881235d99b0de252e7705ed0fadcb489e9b3
SSDEEP

24576:UHpwutksPoFZj2t006veH35an0aT8InBSHbMNUaTnnpHntC0:otFPojs6vn0G8IBS7MNUaTBtC0

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3372	1932	WerFault.exe	83

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2120 wrote to memory of 1932	2120	rundll32.exe	83
PID 2120 wrote to memory of 1932	2120	rundll32.exe	83
PID 2120 wrote to memory of 1932	2120	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c657c7d749ff7bceabd77395ca56e264e2cb7bff90b025af171f8baca5084914.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2120
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c657c7d749ff7bceabd77395ca56e264e2cb7bff90b025af171f8baca5084914.dll,#1
  2⤵
  PID:1932
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 632
    3⤵
    - Program crash
    PID:3372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 1932 -ip 1932
1⤵
PID:3020