33b6bda3402228c525e725ab084092107b39e9246c49239835a19758ded1d3ae

Analysis

max time kernel
144s
max time network
178s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 12:48

Target

1900593c14803ca43c128d74b9aedda4.dll
Size

95KB
MD5

1900593c14803ca43c128d74b9aedda4
SHA1

7e9e0489c6a0528fa2830fcd01028f9895c13e3e
SHA256

33b6bda3402228c525e725ab084092107b39e9246c49239835a19758ded1d3ae
SHA512

77cc4de647410f1f6364019e1dd3c459c0af6eb04d6f80bb5775db7ff797018b1b1821c1adbb2a80951ae027149b05568c3468081727d67bfb077c9599c08ebf
SSDEEP

1536:IPFJHJTXUP6GXMod1OS/bcbHFfB18wnCrsKekM6mOx:gFPQ6GX91F/bUH9B18jrsKekM6mOx

Score

8^/10

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\Drivers\beep.sys	rundll32.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2368	4772	WerFault.exe	89

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4012 wrote to memory of 4772	4012	rundll32.exe	89
PID 4012 wrote to memory of 4772	4012	rundll32.exe	89
PID 4012 wrote to memory of 4772	4012	rundll32.exe	89

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1900593c14803ca43c128d74b9aedda4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4012
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1900593c14803ca43c128d74b9aedda4.dll,#1
  2⤵
  - Drops file in Drivers directory
  PID:4772
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4772 -s 716
    3⤵
    - Program crash
    PID:2368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4772 -ip 4772
1⤵
PID:1856