b948aaa5f39f53834d10562bb7c898ae3fe5ce44d57645085734378762958c35

Analysis

max time kernel
147s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
28/12/2023, 20:38

Target

f67f2e14fb1bd29f7cf76f0192433e1b.dll
Size

56KB
MD5

f67f2e14fb1bd29f7cf76f0192433e1b
SHA1

5587acb3b23d67432846762719885d259bb9f16d
SHA256

b948aaa5f39f53834d10562bb7c898ae3fe5ce44d57645085734378762958c35
SHA512

016630cefd0cf534919ad6da1fb883dd37fbac5e8be824081dff523848ba3de72498985e1c589f4b1e7e3d6d448a0b7b61f0e1d4578127471daa6365a79ffbb1
SSDEEP

1536:6FzN559FOWt4Mvi6JVG/i/D+4/vhOFn6R0HxDjiMSSLO:ozPGQJd/q43Gns0HxDji/

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4288	3676	WerFault.exe	14

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2216 wrote to memory of 3676	2216	rundll32.exe	14
PID 2216 wrote to memory of 3676	2216	rundll32.exe	14
PID 2216 wrote to memory of 3676	2216	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f67f2e14fb1bd29f7cf76f0192433e1b.dll,#1
1⤵
PID:3676
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 232
  2⤵
  - Program crash
  PID:4288

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f67f2e14fb1bd29f7cf76f0192433e1b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 3676 -ip 3676
1⤵
PID:1760

memory/3676-0-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download