bc1889cbc622bb9344eb11e9947637937a76a526e094b1c3f493eef13dd584ec

Analysis

max time kernel
147s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
22/01/2024, 18:32

Target

bc1889cbc622bb9344eb11e9947637937a76a526e094b1c3f493eef13dd584ec.dll
Size

615KB
MD5

9c250696f8b44d5ef24265e9ed4fc6d6
SHA1

bed1c9efeb16b6297727586a379a3db3e55b186e
SHA256

bc1889cbc622bb9344eb11e9947637937a76a526e094b1c3f493eef13dd584ec
SHA512

d4081c74a30ab2d0a51607efe811c8d671d1010b483c4e82e29049e0eeb3fe85787f36895203506acabbdaffa28355e171b501667157d3647cb59bcbd51aa1f3
SSDEEP

6144:7aNco7YgpQJHT64uaIYlWRD+mWaMNEpwq+5sqjcq4cTa+xysqKvmroh1Ks7ZSGwD:2Rp4HT64qL0a3oHJd/B67ln2PAM

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3660	2768	WerFault.exe	67

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4772 wrote to memory of 2768	4772	rundll32.exe	67
PID 4772 wrote to memory of 2768	4772	rundll32.exe	67
PID 4772 wrote to memory of 2768	4772	rundll32.exe	67

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bc1889cbc622bb9344eb11e9947637937a76a526e094b1c3f493eef13dd584ec.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4772
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bc1889cbc622bb9344eb11e9947637937a76a526e094b1c3f493eef13dd584ec.dll,#1
  2⤵
  PID:2768
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 552
    3⤵
    - Program crash
    PID:3660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 2768 -ip 2768
1⤵
PID:3888