22985cc9854ae61dad7387e0731e1cf237a25e8a2aca1185f0e7563ae9946840

Analysis

max time kernel
147s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 05:12

Target

0fb524dfd55b3a8139a232129fe6ea40.dll
Size

128KB
MD5

0fb524dfd55b3a8139a232129fe6ea40
SHA1

1d5af0c197b15b4c6534e146b6698a1b7d4fffdb
SHA256

22985cc9854ae61dad7387e0731e1cf237a25e8a2aca1185f0e7563ae9946840
SHA512

1505d388757720bb565d47fa519e699ebf395a5ca00eb8930d8a071e7dbe155cb9a0bca11baefa53875e12838ce92053102ce3cd2811cdbc1c652848f7407ff8
SSDEEP

1536:LQqttS1OmH/burnwwuCgwOK00QM2WhQ1KZ2kDR2GXKxTUtTO:LFtSAmHju7KFwOjnWhQ1oR2JxoxO

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4008	1832	WerFault.exe	87

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2908 wrote to memory of 1832	2908	rundll32.exe	87
PID 2908 wrote to memory of 1832	2908	rundll32.exe	87
PID 2908 wrote to memory of 1832	2908	rundll32.exe	87

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0fb524dfd55b3a8139a232129fe6ea40.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2908
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0fb524dfd55b3a8139a232129fe6ea40.dll,#1
  2⤵
  PID:1832
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 548
    3⤵
    - Program crash
    PID:4008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1832 -ip 1832
1⤵
PID:1104

memory/1832-0-0x0000000010000000-0x0000000010035000-memory.dmp

Filesize
212KB

Download