a0e28f0adaa9d94749ac87434c3d23339ace929ea9c549f2af2bccbd0c723e17

Analysis

max time kernel
146s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31-12-2023 05:42

Target

iexpress/ADVPACK.dll
Size

94KB
MD5

19a7ce0d6801f6a9db7db00afaed2ad8
SHA1

b111133166bfdc8c2f4441e109e2fd6858db0843
SHA256

43fbc5c707b6bd8034387fa4ff12fa7c615ed6e2b4747326da7d654a69354ca1
SHA512

010a5840b1dcbbbc5f1fd090ee631964d0e9a292f9e8855c965c9bb47cb126e7f613d1f9a5257c2dae99124a4214872ff424cd6fd4e4a85b90f71ef90655d179
SSDEEP

1536:uYiYmCYFDNSaGi2oYwrvt810X+04zYlxyJCxbPOe7MlMIMQ+clqXRK58Nkj/CdJU:xt0swrvO0X+LzoDOewMZfcI2j/wJYPL4

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2628	436	WerFault.exe	47

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4812 wrote to memory of 436	4812	rundll32.exe	47
PID 4812 wrote to memory of 436	4812	rundll32.exe	47
PID 4812 wrote to memory of 436	4812	rundll32.exe	47

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\iexpress\ADVPACK.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4812
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\iexpress\ADVPACK.dll,#1
  2⤵
  PID:436
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 436 -s 636
    3⤵
    - Program crash
    PID:2628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 436 -ip 436
1⤵
PID:2984