c25e3d5ba7d11f80ee8910bbdf16990d6e48168c2618a01b9fd7804b51ff6f90

Analysis

max time kernel
143s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
25-12-2023 07:30

Target

0ee786750d0986c3ee9cdc22429e7409.dll
Size

147KB
MD5

0ee786750d0986c3ee9cdc22429e7409
SHA1

c11b59010de35dc5aa931764983905659326c737
SHA256

c25e3d5ba7d11f80ee8910bbdf16990d6e48168c2618a01b9fd7804b51ff6f90
SHA512

f46aa7da0c7c7f64c08edc0f0232b7c230a2c19d2cd3c439afe3222a2b1ad9fe08b2548d99bcdcd76452e6699fcf502ad6d49888a6e67d5a65b6277b46e63620
SSDEEP

3072:b3pDQ1mOdEc5Yj2iE+hhKyWj+pVR8vaG/6NUAKhS:b3pDQ8OCc5YjbDhKynpVe/6NU3I

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4140	5008	WerFault.exe	14

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3760 wrote to memory of 5008	3760	rundll32.exe	14
PID 3760 wrote to memory of 5008	3760	rundll32.exe	14
PID 3760 wrote to memory of 5008	3760	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0ee786750d0986c3ee9cdc22429e7409.dll,#1
1⤵
PID:5008
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5008 -s 688
  2⤵
  - Program crash
  PID:4140

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0ee786750d0986c3ee9cdc22429e7409.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5008 -ip 5008
1⤵
PID:548

memory/5008-0-0x0000000000850000-0x000000000087A000-memory.dmp

Filesize
168KB

Download
memory/5008-1-0x0000000000850000-0x000000000087A000-memory.dmp

Filesize
168KB

Download