5cd0fa922235ce7cb9e8d1f7708ebfaade394b5fd501d38d403cf272a82320ad

Analysis

max time kernel
144s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24/12/2023, 21:17

Target

12ace9ff5972ebc363c501abef3e83fe.dll
Size

20KB
MD5

12ace9ff5972ebc363c501abef3e83fe
SHA1

01b9807bb46488e5dc562b8c1448a2834925c8ec
SHA256

5cd0fa922235ce7cb9e8d1f7708ebfaade394b5fd501d38d403cf272a82320ad
SHA512

1b9e89dd60bed06950884abda54e0c301ae2fb05f649f8959d3840391bae122c45fac315d0fb359d4ade1102c088d411a76ff358cb395218e437256b1622d02e
SSDEEP

384:zSG/2Jp+C6QhtmruxCcdIL+0XplcvCAu8UaWHuqaTlX0wG:zfYh2oCtpXPcvx2OqaewG

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1708	2488	WerFault.exe	89

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2488	rundll32.exe
2488	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4408 wrote to memory of 2488	4408	rundll32.exe	89
PID 4408 wrote to memory of 2488	4408	rundll32.exe	89
PID 4408 wrote to memory of 2488	4408	rundll32.exe	89

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\12ace9ff5972ebc363c501abef3e83fe.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4408
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\12ace9ff5972ebc363c501abef3e83fe.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2488
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 624
    3⤵
    - Program crash
    PID:1708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2488 -ip 2488
1⤵
PID:2708

memory/2488-0-0x000000006F840000-0x000000006F84C000-memory.dmp

Filesize
48KB

Download