deead1744cca257823cffb977b07d05f932fb902ce6e3ddedb4c667ca6aea021

Analysis

max time kernel
147s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-12-2023 03:33

Target

2.dll
Size

2.5MB
MD5

4c8b103bc71c3a791c05043e9dd425d8
SHA1

d6f254b197eca363c5cf905834a279a6ef04365a
SHA256

6ad02bdcbfa3b7a23b84ec330a416edc33b0d9dcabc4a474219b92c98bd623ba
SHA512

96c244156c7ce656d1e7d2f11c982df6894131bfc52304c7e7a704f746c765f0db431ae8a2283df13e0e6039dee79886b157a33f1fecfe4b11b52e8446deffc4
SSDEEP

49152:bvNwIvaMHeeAunfy/zGuaiucb2sdcdk3YZ/8/RRLMSaYzRF91UvoOFMXYsejw:biIiMHeeXfy/Kuaiucb2sadHZ/8/PYYz

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2704	4772	WerFault.exe	14

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3096 wrote to memory of 4772	3096	rundll32.exe	14
PID 3096 wrote to memory of 4772	3096	rundll32.exe	14
PID 3096 wrote to memory of 4772	3096	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2.dll,#1
1⤵
PID:4772
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4772 -s 552
  2⤵
  - Program crash
  PID:2704

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 4772 -ip 4772
1⤵
PID:864