48e2b36d8fc4bace852d25876c166b70541ebaab8b286c0ed03736696a6db809

Analysis

max time kernel
145s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 09:05

Target

623940813e120e82cf22f16bc672dbe8.dll
Size

344KB
MD5

623940813e120e82cf22f16bc672dbe8
SHA1

38d1d5bc8891aa98c207a28840df7a80f4c6bb3c
SHA256

48e2b36d8fc4bace852d25876c166b70541ebaab8b286c0ed03736696a6db809
SHA512

a416eafb028cfe72f7da05159c4a06543ce67d90ba7d85f9d774f1aa52760fb883dc9982e825aea2022d9e5c51d0d127cb0136cded266fd35f6f7aa6b12dc7b3
SSDEEP

6144:VZx4KD/MMwUOEqBH/30HPfaWWmPTKWM15Qv/kzXGm+9Al:VtGUOE0/mqWl8MUDz+

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
5232	3972	WerFault.exe	61

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1136 wrote to memory of 3972	1136	rundll32.exe	61
PID 1136 wrote to memory of 3972	1136	rundll32.exe	61
PID 1136 wrote to memory of 3972	1136	rundll32.exe	61

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\623940813e120e82cf22f16bc672dbe8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1136
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\623940813e120e82cf22f16bc672dbe8.dll,#1
  2⤵
  PID:3972
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3972 -s 640
    3⤵
    - Program crash
    PID:5232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3972 -ip 3972
1⤵
PID:2972

memory/3972-0-0x0000000001500000-0x0000000001537000-memory.dmp

Filesize
220KB

Download
memory/3972-1-0x0000000002D30000-0x0000000002D88000-memory.dmp

Filesize
352KB

Download
memory/3972-5-0x0000000001500000-0x0000000001537000-memory.dmp

Filesize
220KB

Download