18bf8ccc0287cfa6bb1eba75554cde5fe9d07e3e529871d860bc4fb49829900a

Analysis

max time kernel
156s
max time network
173s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 12:25

Target

6e526721b3eb5108c75eb864f01a1b42.dll
Size

251KB
MD5

6e526721b3eb5108c75eb864f01a1b42
SHA1

577118a7357fcd1b4d39e5353a5979a75c3d506a
SHA256

18bf8ccc0287cfa6bb1eba75554cde5fe9d07e3e529871d860bc4fb49829900a
SHA512

2fdcb16f63285f0902f772e9c4ef2b714d1c49f2f9d490c15356da1c3b7e59aaa95ab05b0d3e65cbf66e54a309bc24ee66a11020abc13336adcf110c29dafb69
SSDEEP

6144:0tD/UCqbpDwTGW3nXHyGQcIlkktIDaWcX:a/xqbBwTGg3HIloaWcX

Score

3^/10

Program crash 2 IoCs

pid	pid_target	Process	procid_target
1652	1360	WerFault.exe	88
1732	1360	WerFault.exe	88

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1572 wrote to memory of 1360	1572	rundll32.exe	88
PID 1572 wrote to memory of 1360	1572	rundll32.exe	88
PID 1572 wrote to memory of 1360	1572	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6e526721b3eb5108c75eb864f01a1b42.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1572
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6e526721b3eb5108c75eb864f01a1b42.dll,#1
  2⤵
  PID:1360
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1360 -s 540
    3⤵
    - Program crash
    PID:1652
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1360 -s 796
    3⤵
    - Program crash
    PID:1732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 1360 -ip 1360
1⤵
PID:4904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 1360 -ip 1360
1⤵
PID:2588