a2229633a849c2931aeff5db03229846dacf91bf6b2413315ee9fae83d427ae8

Analysis

max time kernel
147s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 17:24

Target

3aa0a2b2afd8958876f799bd03307fa9.dll
Size

8KB
MD5

3aa0a2b2afd8958876f799bd03307fa9
SHA1

683302ef2eb3f3af4fd11c2ecf0f6acb53ee775f
SHA256

a2229633a849c2931aeff5db03229846dacf91bf6b2413315ee9fae83d427ae8
SHA512

fec43b66a7720aac0ebcff169d11325b4129084f5e2678089501d904971e469d3cf3d9073e449f570fce6c18c47851f5067d1373a128d601c97ea9fdd635f129
SSDEEP

192:eQ4aakuWrEZ/KftYIgpHdgEYgkViqlIiyacqIZ06pd2dl:X4aawEs1YIQ9q8ioZ06pEP

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4536	5036	WerFault.exe	58

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 804 wrote to memory of 5036	804	rundll32.exe	58
PID 804 wrote to memory of 5036	804	rundll32.exe	58
PID 804 wrote to memory of 5036	804	rundll32.exe	58

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3aa0a2b2afd8958876f799bd03307fa9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:804
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3aa0a2b2afd8958876f799bd03307fa9.dll,#1
  2⤵
  PID:5036
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5036 -s 544
    3⤵
    - Program crash
    PID:4536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 5036 -ip 5036
1⤵
PID:4940