48d8960ecf9cac589e8415b961c33d3d37c34322d9e81813f16f4a9e75726af3

Analysis

max time kernel
122s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24/12/2023, 18:18

Target

0b3faa8fb5b9209a943c26cebedd8780.dll
Size

150KB
MD5

0b3faa8fb5b9209a943c26cebedd8780
SHA1

a55add217bdea96a1ee5e9fea56079c5b57a2ca4
SHA256

48d8960ecf9cac589e8415b961c33d3d37c34322d9e81813f16f4a9e75726af3
SHA512

ad4ffa4f6450a9ed61dbeb022953af3f79c531dbee4faafafc6a605dbab767fe5fffc2b36e30b16af74f60e1d4fa58e971d4b34e534d5dfd7013c521f79e7dfd
SSDEEP

384:/q5gH9kjH2vDusMIU6ZZJncRMfi3AU3TaTZn2VVOGaZ1GsrYbNu:/q5gdAH2SslZcf3YYXOGaDGsrYbNu

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2004	4636	WerFault.exe	79

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4912 wrote to memory of 4636	4912	rundll32.exe	79
PID 4912 wrote to memory of 4636	4912	rundll32.exe	79
PID 4912 wrote to memory of 4636	4912	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0b3faa8fb5b9209a943c26cebedd8780.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4912
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0b3faa8fb5b9209a943c26cebedd8780.dll,#1
  2⤵
  PID:4636
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4636 -s 656
    3⤵
    - Program crash
    PID:2004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 4636 -ip 4636
1⤵
PID:2064

memory/4636-0-0x0000000010000000-0x0000000010121000-memory.dmp

Filesize
1.1MB

Download
memory/4636-1-0x0000000000710000-0x0000000000711000-memory.dmp

Filesize
4KB

Download