488068bacf336dc1195ddda96d03a769cd97a566104ccd5c45a77541fa6ab375

Analysis

max time kernel
93s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
25-12-2023 14:56

Target

275f2036efa8b862db88938eb55e1a6c.dll
Size

77KB
MD5

275f2036efa8b862db88938eb55e1a6c
SHA1

64c1556800e238f8fcbe3dd3342eafb4b2b771d5
SHA256

488068bacf336dc1195ddda96d03a769cd97a566104ccd5c45a77541fa6ab375
SHA512

e829c6dcd4b31906b059bd5efc7129f8a8b453b0b5785b9b2bf45cc95dccb0797fbf1af477d483fd868f8ef97922f69bca4b1a67d0c462ee8bbeec7899219635
SSDEEP

1536:Ql4Ol0PGc4R8Pv4Dw1yUpbQFnToIfxgY0r5ZmNiTJbN:Forc4RA8w1yUpbQtTBfxgY0r5ZmNiTJR

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
64	1200	WerFault.exe	40

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1364 wrote to memory of 1200	1364	rundll32.exe	40
PID 1364 wrote to memory of 1200	1364	rundll32.exe	40
PID 1364 wrote to memory of 1200	1364	rundll32.exe	40

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\275f2036efa8b862db88938eb55e1a6c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1364
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\275f2036efa8b862db88938eb55e1a6c.dll,#1
  2⤵
  PID:1200
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1200 -s 644
    3⤵
    - Program crash
    PID:64

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k krnlsrvc
1⤵
PID:4796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 1200 -ip 1200
1⤵
PID:4824