db7fbfa24016086a8564fa01f6160644179939d867ec26836ae878210672275a

Analysis

max time kernel
134s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 14:53

Target

77111940642992acc73e5a52b2310c0a.dll
Size

21KB
MD5

77111940642992acc73e5a52b2310c0a
SHA1

5743411b63801cff7904c4e27c01ddc77cd0769f
SHA256

db7fbfa24016086a8564fa01f6160644179939d867ec26836ae878210672275a
SHA512

38c41660e88f638cd0e1926d7c293ac0a843468b2f9010988b84a96d477dd51b9b9fbbb3edbeb01b3464cbc23988f5a82b295108a3451d012b45dcec2e92a632
SSDEEP

384:izx22vlvKQknw8TQCXSsaSnZVNhJDbwOOM9LwgJnmDnVT9G3:izx22NiQknwaQCXlnFXdwe4p9G3

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
232	4812	WerFault.exe	14

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4992 wrote to memory of 4812	4992	rundll32.exe	14
PID 4992 wrote to memory of 4812	4992	rundll32.exe	14
PID 4992 wrote to memory of 4812	4992	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\77111940642992acc73e5a52b2310c0a.dll,#1
1⤵
PID:4812
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4812 -s 580
  2⤵
  - Program crash
  PID:232

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\77111940642992acc73e5a52b2310c0a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4812 -ip 4812
1⤵
PID:100