672a22639a15c5b92dfd122fa3b70e86963c5a800dcccae77c363001e092c36c

Analysis

max time kernel
143s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 15:07

Target

2809f956369be9f54424d53ad2b89541.dll
Size

198KB
MD5

2809f956369be9f54424d53ad2b89541
SHA1

f5cf00fe3722d4071a105130c605908e2cdf9744
SHA256

672a22639a15c5b92dfd122fa3b70e86963c5a800dcccae77c363001e092c36c
SHA512

ed021bfec0b11970ca74b08ed29054a62a0043ef4f454b33c7e1ece55355f7047305f1155af6eef9c5d6e7c6d6739e0dcba37dbc8ac22597b327ffb3c88972aa
SSDEEP

3072:RgB07mGLHISnAgSNN58iPBJntlftRCnR7iOSnKa4yAI2mRt+UYP0:RgB07XW758Qntlfty7i0ayIPWUs0

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1556	4980	WerFault.exe	60

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3092 wrote to memory of 4980	3092	rundll32.exe	60
PID 3092 wrote to memory of 4980	3092	rundll32.exe	60
PID 3092 wrote to memory of 4980	3092	rundll32.exe	60

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2809f956369be9f54424d53ad2b89541.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3092
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2809f956369be9f54424d53ad2b89541.dll,#1
  2⤵
  PID:4980
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4980 -s 568
    3⤵
    - Program crash
    PID:1556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4980 -ip 4980
1⤵
PID:1220