e47c7047dab068ffec425a007e0322231b3b9ca0613f8a7e18c35fe7f216f481

Analysis

max time kernel
148s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26-12-2023 11:59

Target

6cb4a88b236b1a54313706e62b82e5d7.dll
Size

172KB
MD5

6cb4a88b236b1a54313706e62b82e5d7
SHA1

5ae3f4ad582b2595ae80597c99e473491378d8fc
SHA256

e47c7047dab068ffec425a007e0322231b3b9ca0613f8a7e18c35fe7f216f481
SHA512

9e6409f4185c61a858f570caedb1c2977bc36dac100245413776070724277cd84d7cbb637e736e1e0336c8988f472ba2489e5009d6518b6fd4920256603c7179
SSDEEP

3072:03Ne5Rah/8hNrXeVN4TCrVHAQEyj9hjzY4INqOFh+tROGs7:UA+hkhNrG4TCB+4hjzfsqOFyRh

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2836	4176	WerFault.exe	14

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3584 wrote to memory of 4176	3584	rundll32.exe	14
PID 3584 wrote to memory of 4176	3584	rundll32.exe	14
PID 3584 wrote to memory of 4176	3584	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6cb4a88b236b1a54313706e62b82e5d7.dll,#1
1⤵
PID:4176
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4176 -s 576
  2⤵
  - Program crash
  PID:2836

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6cb4a88b236b1a54313706e62b82e5d7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4176 -ip 4176
1⤵
PID:1128

memory/4176-1-0x0000000000B80000-0x0000000000B90000-memory.dmp

Filesize
64KB

Download