e8dd9614ed7a216f8af90e1ec9d278fc064c5a4426496446ec166566ca29baef

Analysis

max time kernel
133s
max time network
174s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
28/12/2023, 22:12

Target

fbe85770b710043ed73e29f8be3f989d.dll
Size

27KB
MD5

fbe85770b710043ed73e29f8be3f989d
SHA1

52546ec159447cafa18af733c26753873b14093f
SHA256

e8dd9614ed7a216f8af90e1ec9d278fc064c5a4426496446ec166566ca29baef
SHA512

8e367f3ba9dd462b1c994fe65666060e00f53a0e8b6459960a72b922454d9360c0fb3d1be5a722dd18cab8b2a42c32795693ff68a2a449879bb7ed0bf86d90aa
SSDEEP

384:Sb4ic4ZNsCHMLfEfaAmwcYP4tZAHJjf8nhp4mOvDKWb:Sb4iZZNsTAPP4tij9mKKW

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3252	2080	WerFault.exe	87

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4332 wrote to memory of 2080	4332	rundll32.exe	87
PID 4332 wrote to memory of 2080	4332	rundll32.exe	87
PID 4332 wrote to memory of 2080	4332	rundll32.exe	87

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fbe85770b710043ed73e29f8be3f989d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4332
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fbe85770b710043ed73e29f8be3f989d.dll,#1
  2⤵
  PID:2080
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 612
    3⤵
    - Program crash
    PID:3252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2080 -ip 2080
1⤵
PID:8

memory/2080-0-0x0000000000400000-0x000000000040D000-memory.dmp

Filesize
52KB

Download