f07bf397abd8b6bed01b838c3f332319c997f810ee5ec5087e761f1ccc39641a

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
14-01-2024 01:15

Target

vcruntime140.dll
Size

88KB
MD5

1d4ff3cf64ab08c66ae9a4013c89a3ac
SHA1

f9ee15d0e9b0b7e04ff4c8a5de5afcffe8b2527b
SHA256

65f620bc588d95fe2ed236d1602e49f89077b434c83102549eed137c7fdc7220
SHA512

65fbd68843280e933620c470e524fba993ab4c48ede4bc0917b4ebe25da0408d02daec3f5afcd44a3ff8aba676d2eff2dda3f354029d27932ef39c9fdea51c26
SSDEEP

1536:Lb8h/b8bgkjohTX6pz0y9v+xSUKF1IuCmgnKecbWJdazlTjznFKwcjzBG:LbWUgkOTX6ey9v+xSjFyuBecbWnaNjjb

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
452	2092	WerFault.exe	88

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2512 wrote to memory of 2092	2512	rundll32.exe	88
PID 2512 wrote to memory of 2092	2512	rundll32.exe	88
PID 2512 wrote to memory of 2092	2512	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\vcruntime140.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2512
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\vcruntime140.dll,#1
  2⤵
  PID:2092
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 600
    3⤵
    - Program crash
    PID:452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 2092 -ip 2092
1⤵
PID:2216