22a8cfc2108def2f0b9efa3e63c223f216cbbfc50eb7fb8db8b2e055afd07375

Analysis

max time kernel
138s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
28/01/2024, 23:54

Target

7e562f53e4030699ca20ad39bf3e97f8.dll
Size

118KB
MD5

7e562f53e4030699ca20ad39bf3e97f8
SHA1

3ae36d17db53d6c79fac692a7b0f02d85796445d
SHA256

22a8cfc2108def2f0b9efa3e63c223f216cbbfc50eb7fb8db8b2e055afd07375
SHA512

fe748ba835cc45e3b7d92bc44f5774bb9a419ebcf4e3674e9adaf7bb822fde8a16c00b6fec26d3c01da1d189723d02bc8aec4f0117577b9605c34fb0173ffeeb
SSDEEP

3072:cdngK7aidAEMG3hjHZdri+z6gBSOHZIJ5idPidfmiRDmdZ:ch77liNAviS5ZUsi

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4724	4528	WerFault.exe	84

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3336 wrote to memory of 4528	3336	rundll32.exe	84
PID 3336 wrote to memory of 4528	3336	rundll32.exe	84
PID 3336 wrote to memory of 4528	3336	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7e562f53e4030699ca20ad39bf3e97f8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3336
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7e562f53e4030699ca20ad39bf3e97f8.dll,#1
  2⤵
  PID:4528
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4528 -s 572
    3⤵
    - Program crash
    PID:4724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 372 -p 4528 -ip 4528
1⤵
PID:4472

memory/4528-0-0x0000000010000000-0x0000000010062000-memory.dmp

Filesize
392KB

Download
memory/4528-1-0x0000000010000000-0x0000000010062000-memory.dmp

Filesize
392KB

Download