cb7270df6eebae8bc408786c187d4044bc7f1bafeeef5a49ffcd5b0f44afb391

Analysis

max time kernel
137s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 01:33

Target

0a2fcf5d10d0cb628bcca4f6f4059d40.dll
Size

42KB
MD5

0a2fcf5d10d0cb628bcca4f6f4059d40
SHA1

57e2ca973b6e55dbda5d94459e9db19c9ba6291e
SHA256

cb7270df6eebae8bc408786c187d4044bc7f1bafeeef5a49ffcd5b0f44afb391
SHA512

05e6f8d37d606c6f532066721a28baef237ebc89763c911f8872d47f25e5cad75c94bdf19b4dec23fabeb82cbcf6a2eecf55ada69bf2763fe3fc64aa6a90e6f3
SSDEEP

768:hkYC/yFF/waeFJxzIEXvNjoQEt0+piR3xtLc8yxzqyI9f4rWfKx21HB:hkYCq7wae5Iw6pe+pu37Ly+9W4P

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
5048	2220	WerFault.exe	83

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2100 wrote to memory of 2220	2100	rundll32.exe	83
PID 2100 wrote to memory of 2220	2100	rundll32.exe	83
PID 2100 wrote to memory of 2220	2100	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0a2fcf5d10d0cb628bcca4f6f4059d40.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2100
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0a2fcf5d10d0cb628bcca4f6f4059d40.dll,#1
  2⤵
  PID:2220
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 544
    3⤵
    - Program crash
    PID:5048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2220 -ip 2220
1⤵
PID:4072