7351c3b4ca497cd5dadef658ad6cafbe874af63e110557af0de1b26d68688e76

Analysis

max time kernel
133s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
18/01/2024, 04:31

Target

7351c3b4ca497cd5dadef658ad6cafbe874af63e110557af0de1b26d68688e76.dll
Size

949KB
MD5

81cec95dd59c01bd5f1349d7fdaa8011
SHA1

1e416b0ec57c766c7ff11b457654e7f3e21abe30
SHA256

7351c3b4ca497cd5dadef658ad6cafbe874af63e110557af0de1b26d68688e76
SHA512

739b65fad7a21ec0a304406af29228e9f8698c4d4d708ed61dbef7e8ae97faa7cc34d7674b5e8bfd5bc5fc8e1a021da6fe2a1240250294b3b1ac80e1fd92ad20
SSDEEP

24576:/UrlDUTEEp0nDkklslEzl7jCslbcwbZjQFnrEH7q:MrlDUTKDkkWqZfCslbbZjQF3

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4456	2864	WerFault.exe	86

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5104 wrote to memory of 2864	5104	rundll32.exe	86
PID 5104 wrote to memory of 2864	5104	rundll32.exe	86
PID 5104 wrote to memory of 2864	5104	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7351c3b4ca497cd5dadef658ad6cafbe874af63e110557af0de1b26d68688e76.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5104
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7351c3b4ca497cd5dadef658ad6cafbe874af63e110557af0de1b26d68688e76.dll,#1
  2⤵
  PID:2864
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 564
    3⤵
    - Program crash
    PID:4456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 368 -p 2864 -ip 2864
1⤵
PID:3944