6b5dc9e89451c63b2009b7930ea7f4f9cea35ee5545fdd3be8d1892232320a18

Analysis

max time kernel
138s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/01/2024, 21:23

Target

758cff30671560368f83fd98213faf63.dll
Size

168KB
MD5

758cff30671560368f83fd98213faf63
SHA1

00e3a4526459e5695b94b3e307b4796b02022cfb
SHA256

6b5dc9e89451c63b2009b7930ea7f4f9cea35ee5545fdd3be8d1892232320a18
SHA512

e3aa07da122fc190fc4a7b3a4fc302f6eb7a8fa3aff5a9c858ed322b1a7583b46c7ad37dc542c9855d837bd449685c1aa298c32e9338ad2a510a54f94d53270b
SSDEEP

3072:vxwR/OWeOrsx5jP1esoZEk4D0Xb/24JYqDqXyGpRP40FWOnxhCe13AtnFP:vixeQiT1JDi/FSpRP40pnfC+UP

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
8	3160	WerFault.exe	88

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 64 wrote to memory of 3160	64	rundll32.exe	88
PID 64 wrote to memory of 3160	64	rundll32.exe	88
PID 64 wrote to memory of 3160	64	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\758cff30671560368f83fd98213faf63.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:64
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\758cff30671560368f83fd98213faf63.dll,#1
  2⤵
  PID:3160
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 540
    3⤵
    - Program crash
    PID:8

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 3160 -ip 3160
1⤵
PID:1272

memory/3160-0-0x0000000002A00000-0x0000000002A24000-memory.dmp

Filesize
144KB

Download