96ccf04bd84f96359a2876d3204697ce5aa20dbb62365fa17d265511d6f7c9a6

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
19/01/2024, 17:41

Target

683dd6fbc6c86b24863d2a54016fb94f.dll
Size

106KB
MD5

683dd6fbc6c86b24863d2a54016fb94f
SHA1

0f9c319a5c4c9c91310113af221a8777064d4fae
SHA256

96ccf04bd84f96359a2876d3204697ce5aa20dbb62365fa17d265511d6f7c9a6
SHA512

ddbebc08e879780811604d9a3b9df9664cda8ad6971a0faee50b9c81323449040089a7664737bee339a381ff2f152ec7420355984216316dd5c0ea4bf6496b4d
SSDEEP

3072:kajVVWR9a39WuNN26E0Rc8pusobWKQh+srJ1gkip6jby88:lVMHiN24Xuj5QQ8JmY8

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3416	2240	WerFault.exe	63

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2132 wrote to memory of 2240	2132	rundll32.exe	63
PID 2132 wrote to memory of 2240	2132	rundll32.exe	63
PID 2132 wrote to memory of 2240	2132	rundll32.exe	63

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\683dd6fbc6c86b24863d2a54016fb94f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2132
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\683dd6fbc6c86b24863d2a54016fb94f.dll,#1
  2⤵
  PID:2240
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 580
    3⤵
    - Program crash
    PID:3416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2240 -ip 2240
1⤵
PID:2784

memory/2240-0-0x0000000010000000-0x0000000010026000-memory.dmp

Filesize
152KB

Download
memory/2240-1-0x0000000010000000-0x0000000010026000-memory.dmp

Filesize
152KB

Download