70449df97a549531b91c10ae2c5e77569f9a98b4b08d02efa16ad5cc64def13a

Analysis

max time kernel
148s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
30-12-2023 01:17

Target

09cc9baabb29723485105bf7378cef9f.dll
Size

56KB
MD5

09cc9baabb29723485105bf7378cef9f
SHA1

d151a22cc1bdf126dd0a4e16c7eb742081ffb764
SHA256

70449df97a549531b91c10ae2c5e77569f9a98b4b08d02efa16ad5cc64def13a
SHA512

8fe9e814589a79b8a580bbcc3539d398cdb83b84b889c339ac2141ccee673e6194665a05c0467f3fc4af2f6691c8f537b1bc29308e6a4f6148164e66d87c1634
SSDEEP

768:nalwIRqnmpjsmHHqlJfQwDvlwvA0ttaXIAov5DVyJBXoeZ09Xm8kCs/rEUbo7cqJ:8wIRqnmjsNCh+TEJ4XoeZ2cz/QNwAl4W

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1748	4584	WerFault.exe	14

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4932 wrote to memory of 4584	4932	rundll32.exe	14
PID 4932 wrote to memory of 4584	4932	rundll32.exe	14
PID 4932 wrote to memory of 4584	4932	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\09cc9baabb29723485105bf7378cef9f.dll,#1
1⤵
PID:4584
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4584 -s 564
  2⤵
  - Program crash
  PID:1748

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\09cc9baabb29723485105bf7378cef9f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4584 -ip 4584
1⤵
PID:4836

memory/4584-0-0x00000000027D0000-0x0000000002820000-memory.dmp

Filesize
320KB

Download