3993dd688ff9d097a74c2e6bbbb2d13bfd6a28f32b4c91090c131c632a2f715d

Analysis

max time kernel
145s
max time network
114s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 05:45

Target

104d32ff96345bb6291a167f2495bef6.dll
Size

123KB
MD5

104d32ff96345bb6291a167f2495bef6
SHA1

40d3ec1708f7f92a507b592920d1673399067d94
SHA256

3993dd688ff9d097a74c2e6bbbb2d13bfd6a28f32b4c91090c131c632a2f715d
SHA512

7929201477c007f8736d29846438fcd304b431fb852cc516c2c6560075666aecc577b5b1a737b69c8883eaad611b8ff1cf14f21aa40e8a4faf52be72985a2434
SSDEEP

768:hynRlyblZLg2OSCAqJVg52XfpY7oV0rYLIP14hpj8MK8N1/iAxuUzzWgLqi8Vbk+:hxitDS5cf677Pe1J1/imuUzILbk971U

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1592	3836	WerFault.exe	16

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 980 wrote to memory of 3836	980	rundll32.exe	16
PID 980 wrote to memory of 3836	980	rundll32.exe	16
PID 980 wrote to memory of 3836	980	rundll32.exe	16

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\104d32ff96345bb6291a167f2495bef6.dll,#1
1⤵
PID:3836
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3836 -s 548
  2⤵
  - Program crash
  PID:1592

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\104d32ff96345bb6291a167f2495bef6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 3836 -ip 3836
1⤵
PID:5052

memory/3836-0-0x0000000010000000-0x0000000010033000-memory.dmp

Filesize
204KB

Download