bf1dfa56817e8645aab3a787f60324a18607af743148e66ff0f6b3bf1513b907

Analysis

max time kernel
137s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
19/01/2024, 12:55

Target

67ac108cb77b791aa3938c9ec341e14a.dll
Size

88KB
MD5

67ac108cb77b791aa3938c9ec341e14a
SHA1

2b120d255636528e29512f46126479d5d8ee53a8
SHA256

bf1dfa56817e8645aab3a787f60324a18607af743148e66ff0f6b3bf1513b907
SHA512

4d7fdb9da808bf2c4d91616f01ac649e4f9acc68d4a85b6f14bc4a6c93793010410964c9eabad216a69d56662b9c3a2a0468ddff821e7897b3e6f5ab25e4ec68
SSDEEP

1536:NjQ8TRxbC9uKc4s6RP0auQK8+4Vm+9F31SvgTB/8pr3I+2zokVobRGXR3HBHW/mB:NFRxbC9uKtsusbj4tTlSvgTB/or32zoE

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4656	4364	WerFault.exe	86

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 676 wrote to memory of 4364	676	rundll32.exe	86
PID 676 wrote to memory of 4364	676	rundll32.exe	86
PID 676 wrote to memory of 4364	676	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\67ac108cb77b791aa3938c9ec341e14a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:676
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\67ac108cb77b791aa3938c9ec341e14a.dll,#1
  2⤵
  PID:4364
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4364 -s 548
    3⤵
    - Program crash
    PID:4656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4364 -ip 4364
1⤵
PID:3076

memory/4364-0-0x0000000010000000-0x000000001002B000-memory.dmp

Filesize
172KB

Download