643a73333f56d22723994469635b6447671ce3020cfb7a4f4e7c2eac3e1af780

Analysis

max time kernel
149s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 18:19

Target

34011c67e2a4dae611d8d21ffa39fc0b.dll
Size

102KB
MD5

34011c67e2a4dae611d8d21ffa39fc0b
SHA1

3933bede4352b40012859f05316320c8d3ca6e69
SHA256

643a73333f56d22723994469635b6447671ce3020cfb7a4f4e7c2eac3e1af780
SHA512

68d353c3fbd429e71df2798f3dff79c78d06d3b800d69b9be440c83592be97b8af1b82618b8be994261630fab7dc8052625ac33e02dd314e26fd07d7fb597c64
SSDEEP

1536:ttM+3cgCBI+KOkcuI/G01EDxX0kg4nEtuOhr/nbT4j4KoYkmu1kj5axF0:zM+FYxGqG01EhRnE/4jV1u1k1a70

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1936	4128	WerFault.exe	87

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3168 wrote to memory of 4128	3168	rundll32.exe	87
PID 3168 wrote to memory of 4128	3168	rundll32.exe	87
PID 3168 wrote to memory of 4128	3168	rundll32.exe	87

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\34011c67e2a4dae611d8d21ffa39fc0b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3168
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\34011c67e2a4dae611d8d21ffa39fc0b.dll,#1
  2⤵
  PID:4128
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4128 -s 684
    3⤵
    - Program crash
    PID:1936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 4128 -ip 4128
1⤵
PID:2412