c6e5fdf8b11c1e0ed76ff534c09170afe7a6cd943daa38315d026274e52dda82

Analysis

max time kernel
151s
max time network
164s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 02:55

Target

013eb4d385bc9bda622d8b04dd2d4c46.dll
Size

39KB
MD5

013eb4d385bc9bda622d8b04dd2d4c46
SHA1

7c05cdeb86e86fe23e225ec513f5275f77073fe7
SHA256

c6e5fdf8b11c1e0ed76ff534c09170afe7a6cd943daa38315d026274e52dda82
SHA512

c02520c7e7d3147251c82fa067419aa7ff1ce69aa7e4b3d7ef6f0e745811a3c74e6079e93339ceccd1051b246048be4905bda13279029b19f1073af19282ed8d
SSDEEP

768:BRcxy6r6UzkMG7AXaCGUb65MpHftqUmot1iRL3VJHc/lr:BRc9rrO0KE65rUBiRLkV

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3092	2260	WerFault.exe	87

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4024 wrote to memory of 2260	4024	rundll32.exe	87
PID 4024 wrote to memory of 2260	4024	rundll32.exe	87
PID 4024 wrote to memory of 2260	4024	rundll32.exe	87

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\013eb4d385bc9bda622d8b04dd2d4c46.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4024
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\013eb4d385bc9bda622d8b04dd2d4c46.dll,#1
  2⤵
  PID:2260
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 604
    3⤵
    - Program crash
    PID:3092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2260 -ip 2260
1⤵
PID:2080

memory/2260-0-0x0000000038000000-0x000000003800D000-memory.dmp

Filesize
52KB

Download
memory/2260-1-0x0000000038000000-0x000000003800D000-memory.dmp

Filesize
52KB

Download