882ef4188b23ac62d852aafe6c3988c2d2b25d2af605f9483a376d473bec47b3

Analysis

max time kernel
156s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 14:21

Target

39a11cbbe138caacaff8d2c94662e5a2.dll
Size

13.1MB
MD5

39a11cbbe138caacaff8d2c94662e5a2
SHA1

3d647d0133587eb96dd50396af96593c8029b793
SHA256

882ef4188b23ac62d852aafe6c3988c2d2b25d2af605f9483a376d473bec47b3
SHA512

8c39208bc049cd818ecb45646ea8152cbe6560392ff63b6d97c97e91fbbce95f2be073b37fc2d53b9dd0b81113d2856594bf9f8b0e0379495147314e294efe24
SSDEEP

196608:Fg/boOtHE8FPTQ8BJ1rCVhI7s4L/bwjiWv3crpYp:iToX8FM8RCWs4L/lWv3clY

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
404	3704	WerFault.exe	53

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1080 wrote to memory of 3704	1080	rundll32.exe	53
PID 1080 wrote to memory of 3704	1080	rundll32.exe	53
PID 1080 wrote to memory of 3704	1080	rundll32.exe	53

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\39a11cbbe138caacaff8d2c94662e5a2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1080
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\39a11cbbe138caacaff8d2c94662e5a2.dll,#1
  2⤵
  PID:3704
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 784
    3⤵
    - Program crash
    PID:404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 3704 -ip 3704
1⤵
PID:3372

memory/3704-0-0x0000000002D10000-0x0000000003A2E000-memory.dmp

Filesize
13.1MB

Download
memory/3704-2-0x0000000003AE0000-0x0000000003AE1000-memory.dmp

Filesize
4KB

Download
memory/3704-3-0x0000000002D10000-0x0000000003A2E000-memory.dmp

Filesize
13.1MB

Download