8d8d7171a5c96c89af0028cd32d7a99f5a011dc1420334f87f53cd54b4c76484

Analysis

max time kernel
144s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29/12/2023, 22:03

Target

051a074b6f48eaed05831d7956914fab.dll
Size

7KB
MD5

051a074b6f48eaed05831d7956914fab
SHA1

8dcb08eb98bf3bd500bc9d15597bd5467fec491a
SHA256

8d8d7171a5c96c89af0028cd32d7a99f5a011dc1420334f87f53cd54b4c76484
SHA512

3b98fef1ae2460dc0288d49fbbaadca60cc7d40146e40db0bd286e8fdf99ec0540400f45f297318c4a6a5223a41e1d6d3295e659cf1e70b631e7d61aada8f55a
SSDEEP

192:pX0A9iFJbyUjWUH6nHH3XHmxlZNMUwFH3XHVnOR:pTAFgQWUH6nHH3XHmfQUwFH3XH9OR

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2896	1212	WerFault.exe	20

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 936 wrote to memory of 1212	936	rundll32.exe	20
PID 936 wrote to memory of 1212	936	rundll32.exe	20
PID 936 wrote to memory of 1212	936	rundll32.exe	20

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\051a074b6f48eaed05831d7956914fab.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:936
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\051a074b6f48eaed05831d7956914fab.dll,#1
  2⤵
  PID:1212
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1212 -s 548
    3⤵
    - Program crash
    PID:2896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1212 -ip 1212
1⤵
PID:2852