a1d719ec3d3e44406d1128cb8c9646daa7129f7d373a0f2b3d1d112d07b22773

Analysis

max time kernel
142s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29/12/2023, 18:52

Target

00fb69c2a49d7fb3de6342f19286ae30.dll
Size

32KB
MD5

00fb69c2a49d7fb3de6342f19286ae30
SHA1

be993dacfae32286806a5d96a29d4e768b2ea50f
SHA256

a1d719ec3d3e44406d1128cb8c9646daa7129f7d373a0f2b3d1d112d07b22773
SHA512

8bfc42381134d7699da02ededc3bdfb959c49c54bab11ade0cbce1502abd0621e5ecc6788d86a7f622df24760b13b2ba0b87acf52aa44c9f1e05356790e2a0d3
SSDEEP

384:Dk8uVeVDkStfx8pIqy9pBM5O9xKOKM20YIcP6J+FQ91y:hIStJ8pIq15ORKM7YIcPCmQ91y

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1644	1832	WerFault.exe	89

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4068 wrote to memory of 1832	4068	rundll32.exe	89
PID 4068 wrote to memory of 1832	4068	rundll32.exe	89
PID 4068 wrote to memory of 1832	4068	rundll32.exe	89

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\00fb69c2a49d7fb3de6342f19286ae30.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4068
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\00fb69c2a49d7fb3de6342f19286ae30.dll,#1
  2⤵
  PID:1832
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 960
    3⤵
    - Program crash
    PID:1644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1832 -ip 1832
1⤵
PID:1516