80cc8b9417a1dbaf03ce2eae4d67aebee1487146a35b879f7695064ac57fd020

Analysis

max time kernel
143s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
01/02/2024, 22:36

Target

87d7bea732bd67feb563bb76017d438a.dll
Size

847KB
MD5

87d7bea732bd67feb563bb76017d438a
SHA1

39254cbc0b7c863687a477d6ada8327d6889a9e3
SHA256

80cc8b9417a1dbaf03ce2eae4d67aebee1487146a35b879f7695064ac57fd020
SHA512

f918d17b0d74b3ef12614e2fd6122ec36c309b25532d6aa8ac3bf65e7bf23435d247e8fcb679a9cde14d93d5f4d4bc5343725ec839b74bbf619a7c0545d0bbfb
SSDEEP

24576:dn76hXX7w4OQfkKWksCdUG0EtQK8lz9Cd7X700q/Lg:dn76xXU4rf9WkpdUpYNd30h/M

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
460	1720	WerFault.exe	85

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3692 wrote to memory of 1720	3692	rundll32.exe	85
PID 3692 wrote to memory of 1720	3692	rundll32.exe	85
PID 3692 wrote to memory of 1720	3692	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\87d7bea732bd67feb563bb76017d438a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3692
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\87d7bea732bd67feb563bb76017d438a.dll,#1
  2⤵
  PID:1720
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 652
    3⤵
    - Program crash
    PID:460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1720 -ip 1720
1⤵
PID:4996

memory/1720-0-0x0000000002090000-0x0000000002195000-memory.dmp

Filesize
1.0MB

Download
memory/1720-1-0x00000000006D0000-0x00000000006D1000-memory.dmp

Filesize
4KB

Download