8803f876d3c94aa53beb1d1103ef511615a222de798e0deb54bfbf05974b16a5

Analysis

max time kernel
149s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 23:38

Target

2047c40e41fad1dd2c621bc036b6ec2f.dll
Size

84KB
MD5

2047c40e41fad1dd2c621bc036b6ec2f
SHA1

4fd2dc7e391801cb8c74f8d88c3fbd68ff802943
SHA256

8803f876d3c94aa53beb1d1103ef511615a222de798e0deb54bfbf05974b16a5
SHA512

0d0f0d039d86e3827922120e4b50539b6614196c9e6fe9c7404c3f0ea47bbf031392e117fd39c35fbc3d5470b5f8865a81145381812f4c28d1895073bd9751cd
SSDEEP

1536:4BznYoA/xLgjNSs7dIhcQa26EAf+W/6jBgD9e7XGMAX4EPzJoj0NZo429jui:41nYd/OBmcZ7E/W/6jBgD9e7WMik0/2N

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2060	4612	WerFault.exe	14

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2736 wrote to memory of 4612	2736	rundll32.exe	14
PID 2736 wrote to memory of 4612	2736	rundll32.exe	14
PID 2736 wrote to memory of 4612	2736	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2047c40e41fad1dd2c621bc036b6ec2f.dll,#1
1⤵
PID:4612
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 580
  2⤵
  - Program crash
  PID:2060

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2047c40e41fad1dd2c621bc036b6ec2f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4612 -ip 4612
1⤵
PID:2648

memory/4612-1-0x0000000002840000-0x0000000002927000-memory.dmp

Filesize
924KB

Download
memory/4612-0-0x0000000010000000-0x0000000010021000-memory.dmp

Filesize
132KB

Download