29828dee79dc20847ee00ce0cacea333485270b0fd3cc7e03ed6ce2e384428a4

Analysis

max time kernel
137s
max time network
74s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 12:32

Target

6ec8108b351c0766f4a04ec7aa4b37bb.dll
Size

92KB
MD5

6ec8108b351c0766f4a04ec7aa4b37bb
SHA1

3225e298f344b290ef3340b6d66498339c2adefe
SHA256

29828dee79dc20847ee00ce0cacea333485270b0fd3cc7e03ed6ce2e384428a4
SHA512

3759cf849f532b464ec3d1c6d7624cf46f978659978b81a3dd77dc7b3728bdfd8249207df1b1d43a01156d58a9cbc62912603d924b3086935e2fedc6b932ea2f
SSDEEP

1536:37BcvfaiPAlGewIrMifHM1x431M5d4e8qu/E6BRLuFVQTuLpIfUJ:3Nc6BlGewIrV44FM5Oe8qutUFyuWsJ

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
652	1372	WerFault.exe	14

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4860 wrote to memory of 1372	4860	rundll32.exe	14
PID 4860 wrote to memory of 1372	4860	rundll32.exe	14
PID 4860 wrote to memory of 1372	4860	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6ec8108b351c0766f4a04ec7aa4b37bb.dll,#1
1⤵
PID:1372
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1372 -s 580
  2⤵
  - Program crash
  PID:652

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6ec8108b351c0766f4a04ec7aa4b37bb.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 1372 -ip 1372
1⤵
PID:808

memory/1372-0-0x0000000010000000-0x0000000010022000-memory.dmp

Filesize
136KB

Download
memory/1372-1-0x0000000002900000-0x0000000002A00000-memory.dmp

Filesize
1024KB

Download