f1a7d722c82cabf9917389b882b18e0d57e6ce38bca3fb1d9a60cc97cfccfbcf

Analysis

max time kernel
140s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
26/01/2024, 01:57

Target

76166b6561edc63dd3e1b72726244773.dll
Size

7.6MB
MD5

76166b6561edc63dd3e1b72726244773
SHA1

b5d28344e0417768dd4e92de611993d5b2f95533
SHA256

f1a7d722c82cabf9917389b882b18e0d57e6ce38bca3fb1d9a60cc97cfccfbcf
SHA512

ce694b4b083806b3fa22243fea0291a56c5e1efa1e1b4b92a77b0ccef078d35cc25218beb58682b77004f44ad0c560a6776770f0ea708aa4921b0b8445638714
SSDEEP

98304:acOs+XUrviDxpI7iM9zybCsK0o35TATtDtJTbRqNs18dpjnGapagoF4FsaBlFpPk:zOs+EvKxszuCs3opkPJT1vCXj7Njghd

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
624	404	WerFault.exe	38

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
404	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5036 wrote to memory of 404	5036	rundll32.exe	38
PID 5036 wrote to memory of 404	5036	rundll32.exe	38
PID 5036 wrote to memory of 404	5036	rundll32.exe	38

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\76166b6561edc63dd3e1b72726244773.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5036
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\76166b6561edc63dd3e1b72726244773.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:404
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 404 -s 760
    3⤵
    - Program crash
    PID:624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 404 -ip 404
1⤵
PID:388