49762170db147555d304acb4826d0ccd0905e525f82a9b97121437eced16c8be

Analysis

max time kernel
130s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
07/01/2024, 08:04

Target

4874291183bce737e1f388844fed703e.dll
Size

55KB
MD5

4874291183bce737e1f388844fed703e
SHA1

bdb922b5967c02acf7ffacc88c6cfe4a6788e117
SHA256

49762170db147555d304acb4826d0ccd0905e525f82a9b97121437eced16c8be
SHA512

ad90635f114df1ef3f240bbd2e495f4b963f52c139a5a827e65448f58a7048156db3ae17d774316aa5caf40920643c88e88da022c69fa73dcc4cb4dfd4aefab4
SSDEEP

768:3RGPvb8CxSP9ESKIDx6zuSIg2gJE4x3kRfD09j3sTXS/IkTr6TzWYnamK+H:3RpCxSPfpxeuPg2RbO8TXRkT+PXVH

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2052	3328	WerFault.exe	90

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4060 wrote to memory of 3328	4060	rundll32.exe	90
PID 4060 wrote to memory of 3328	4060	rundll32.exe	90
PID 4060 wrote to memory of 3328	4060	rundll32.exe	90

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4874291183bce737e1f388844fed703e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4060
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4874291183bce737e1f388844fed703e.dll,#1
  2⤵
  PID:3328
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 632
    3⤵
    - Program crash
    PID:2052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 3328 -ip 3328
1⤵
PID:876

memory/3328-0-0x0000000010000000-0x000000001003B000-memory.dmp

Filesize
236KB

Download
memory/3328-1-0x0000000002520000-0x0000000002521000-memory.dmp

Filesize
4KB

Download