d75e0d6bfd6cfcd82414ceb55011cca60eb4dc428539a8e7277644225dc82d8f

Analysis

max time kernel
142s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 11:57

Target

17c039b38e5ac84790eb44dd3f24d03d.dll
Size

7KB
MD5

17c039b38e5ac84790eb44dd3f24d03d
SHA1

965e9479a697c397129865640f0869367fa17095
SHA256

d75e0d6bfd6cfcd82414ceb55011cca60eb4dc428539a8e7277644225dc82d8f
SHA512

c7ba472faeb63d6d45a965bd8b071b463da97b8607de966538045b0ac2ed16c73fb1746a390b0396bfa4df00b62e22526b5237a74d05aeabb514583dd3988cef
SSDEEP

96:AEz144444444444444444Bu44444444444444444A44444444444444444144441:AEQi8KzKVQuRdxWdV06qKKF2dKF

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2328	4640	WerFault.exe	14

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4944 wrote to memory of 4640	4944	rundll32.exe	14
PID 4944 wrote to memory of 4640	4944	rundll32.exe	14
PID 4944 wrote to memory of 4640	4944	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\17c039b38e5ac84790eb44dd3f24d03d.dll,#1
1⤵
PID:4640
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4640 -s 960
  2⤵
  - Program crash
  PID:2328

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\17c039b38e5ac84790eb44dd3f24d03d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4640 -ip 4640
1⤵
PID:4388