5618423d88e3e78b183780d05ee344f2d408a295f7c8e29c17cbe18ebf9e3e60

Analysis

max time kernel
144s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 06:51

Target

117ca919a589adae4ef998e42e104d16.dll
Size

204KB
MD5

117ca919a589adae4ef998e42e104d16
SHA1

57de5b479794080b868d03d2056fbcffc2831daf
SHA256

5618423d88e3e78b183780d05ee344f2d408a295f7c8e29c17cbe18ebf9e3e60
SHA512

d51ee2c03ca1fb72129fc6c4180ccb7a6e4928b11284c2c0a6b8006951ce8ab6227d487941ae21415995a3bcb37da934677cf2758c16ab4b02a3197a01a37414
SSDEEP

3072:WP3E4hr7WWCZ9dyDIznT2b4XFZJ00bmbJQ6WXslSMcFRIPm30qHvcO5VHaXhx+F3:WyJlFXKQZWhx+Ky

Score

3^/10

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2336	2108	WerFault.exe	16
2984	2108	WerFault.exe	16

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3600 wrote to memory of 2108	3600	rundll32.exe	16
PID 3600 wrote to memory of 2108	3600	rundll32.exe	16
PID 3600 wrote to memory of 2108	3600	rundll32.exe	16

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\117ca919a589adae4ef998e42e104d16.dll,#1
1⤵
PID:2108
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 592
  2⤵
  - Program crash
  PID:2336
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 792
  2⤵
  - Program crash
  PID:2984

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\117ca919a589adae4ef998e42e104d16.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 2108 -ip 2108
1⤵
PID:5040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 2108 -ip 2108
1⤵
PID:1612