05369d9407e66824307d5ae7f80bd106080bb5377f30e7bbc0a50c88f3da29ee

Analysis

max time kernel
148s
max time network
163s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29/12/2023, 19:09

Target

014bb90a72c228e9fe67a4f01b40a6d7.dll
Size

103KB
MD5

014bb90a72c228e9fe67a4f01b40a6d7
SHA1

969a8cee890106bad344ec072183f3cced5bdfbb
SHA256

05369d9407e66824307d5ae7f80bd106080bb5377f30e7bbc0a50c88f3da29ee
SHA512

a11f6ba2954c54dab0fae0c5faef7c87cbbb9e78529bcfd8e852bdb317bf8b5346988a0f7d138cf98347fe79628d0fa8d1d8b87a5d10e4069807620a111e2fa7
SSDEEP

1536:X2udHxy+rxHLvN/2O6u1nzcH28AkmcTGx24mx19iUPxRNZ:X9NHUOBnzuycTGx2vx19iUPzNZ

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3500	4852	WerFault.exe	89

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3228 wrote to memory of 4852	3228	rundll32.exe	89
PID 3228 wrote to memory of 4852	3228	rundll32.exe	89
PID 3228 wrote to memory of 4852	3228	rundll32.exe	89

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\014bb90a72c228e9fe67a4f01b40a6d7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3228
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\014bb90a72c228e9fe67a4f01b40a6d7.dll,#1
  2⤵
  PID:4852
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4852 -s 564
    3⤵
    - Program crash
    PID:3500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 4852 -ip 4852
1⤵
PID:3944