72d95f3cb92089a8d3fca049a630d0ef30a431c83b2986a7af514e2639b1c846

Analysis

max time kernel
144s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
24/01/2024, 21:02

Target

72d95f3cb92089a8d3fca049a630d0ef30a431c83b2986a7af514e2639b1c846.dll
Size

179KB
MD5

1f1a55e6fb038c90167c6c45146d5d92
SHA1

1a4e0f3d8156b6b126d673183e545773e1ab1b13
SHA256

72d95f3cb92089a8d3fca049a630d0ef30a431c83b2986a7af514e2639b1c846
SHA512

59d6e623134784350d1d5e5b1020483abd0d2b163611656242cad8423c5f9bb480a053a5c740d1d4e1abbdad8a615c751be1d5262d9417488fc24a8d2f1fa1c0
SSDEEP

3072:3ncwv7ebBHoXcva8ZpZ4QWytYEazKHdoK5KixPt9QzHXO/lAXlUVqglM/:8VHoXhfwaOHaK5ng3pXyVre

Score

3^/10

Program crash 2 IoCs

pid	pid_target	Process	procid_target
4652	3852	WerFault.exe	21
4500	3852	WerFault.exe	21

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4124 wrote to memory of 3852	4124	rundll32.exe	21
PID 4124 wrote to memory of 3852	4124	rundll32.exe	21
PID 4124 wrote to memory of 3852	4124	rundll32.exe	21

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\72d95f3cb92089a8d3fca049a630d0ef30a431c83b2986a7af514e2639b1c846.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4124
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\72d95f3cb92089a8d3fca049a630d0ef30a431c83b2986a7af514e2639b1c846.dll,#1
  2⤵
  PID:3852
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 548
    3⤵
    - Program crash
    PID:4652
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 828
    3⤵
    - Program crash
    PID:4500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 3852 -ip 3852
1⤵
PID:1092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 180 -p 3852 -ip 3852
1⤵
PID:464