adbfbe82ecf7d4312c20700fbeb3540453589f8b9b5d1f3398e5750d5fa63505

Analysis

max time kernel
144s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
26-01-2024 18:45

Target

781c05eabf4eb91fba62fb30b67b2dd7.dll
Size

133KB
MD5

781c05eabf4eb91fba62fb30b67b2dd7
SHA1

ed68d892c555a9bed4c56aa37849eb0d70094516
SHA256

adbfbe82ecf7d4312c20700fbeb3540453589f8b9b5d1f3398e5750d5fa63505
SHA512

cca6c4f4eb6a811da63a5b94d778a5c03930928f37946595bd370f9a0f5841580137ee2c5f36bf38163e73f6fb4c00e4a4cf876dab71894b323dffaa7fb5658e
SSDEEP

3072:QgbLwlR/nR9QYfOjdqFyCtpRLKG/QMtqb473+:QsLQD9QyOjdqFyCtjLr/QMtqMK

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1368	860	WerFault.exe	86

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3480 wrote to memory of 860	3480	rundll32.exe	86
PID 3480 wrote to memory of 860	3480	rundll32.exe	86
PID 3480 wrote to memory of 860	3480	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\781c05eabf4eb91fba62fb30b67b2dd7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3480
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\781c05eabf4eb91fba62fb30b67b2dd7.dll,#1
  2⤵
  PID:860
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 860 -s 728
    3⤵
    - Program crash
    PID:1368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 860 -ip 860
1⤵
PID:1640

memory/860-0-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download