2e56b8c3ca9fea6db7f588dba5412eedb7c99751ea3c7dace0c94b15c06cda3e

Analysis

max time kernel
154s
max time network
164s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-12-2023 16:10

Target

2e56b8c3ca9fea6db7f588dba5412eedb7c99751ea3c7dace0c94b15c06cda3e.dll
Size

2.1MB
MD5

27c1226a602c67c0b085597ea7f201d5
SHA1

ed919848a57c13a64117d4a9204ba2bbb20ff383
SHA256

2e56b8c3ca9fea6db7f588dba5412eedb7c99751ea3c7dace0c94b15c06cda3e
SHA512

9914fb22bf956eb8a3fdae8eefc67f3500299cdb73799c37d11000dcb9735513b45e8ddcff0126a09b8ae2479d579289084d014dc43bc6fdc03471bdbbebd294
SSDEEP

49152:/Bx4NyGN9mIJtuAfo9VmEfZOkNPSTqctjwTj1uMsT:ZxB69mFEGrPSTqs4CT

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1624	536	WerFault.exe	88

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1248 wrote to memory of 536	1248	rundll32.exe	88
PID 1248 wrote to memory of 536	1248	rundll32.exe	88
PID 1248 wrote to memory of 536	1248	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2e56b8c3ca9fea6db7f588dba5412eedb7c99751ea3c7dace0c94b15c06cda3e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1248
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2e56b8c3ca9fea6db7f588dba5412eedb7c99751ea3c7dace0c94b15c06cda3e.dll,#1
  2⤵
  PID:536
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 536 -s 560
    3⤵
    - Program crash
    PID:1624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 536 -ip 536
1⤵
PID:2652