f3e1575cb570bd53e53b537b5b8ea85ad6ca797278f146ea8367cd7fbbc770b0

Analysis

max time kernel
91s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
04/02/2024, 08:32

Target

f3e1575cb570bd53e53b537b5b8ea85ad6ca797278f146ea8367cd7fbbc770b0.dll
Size

1.1MB
MD5

21b095821c90808cf41a0b571af1eb0c
SHA1

c6d8c50b729f3ae2e54365ab5c98ea3334422d7b
SHA256

f3e1575cb570bd53e53b537b5b8ea85ad6ca797278f146ea8367cd7fbbc770b0
SHA512

6fcda61603fe4f96ea1870bd858617b5893cc044aa17fdc716ac799f8ccd62ccf4f4f98504142cdb3b64d46236a0849f003987c31159c68c11bc7b368f4ce7d5
SSDEEP

24576:4+MyfAPYDPZwh116pHtfW/kWOf/lOB3Zz6ZB+u3nnN:GyfAgZwkpHrWOf/lOB3Zz6uKN

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2984	3492	WerFault.exe	13

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3492	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2280 wrote to memory of 3492	2280	rundll32.exe	13
PID 2280 wrote to memory of 3492	2280	rundll32.exe	13
PID 2280 wrote to memory of 3492	2280	rundll32.exe	13

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f3e1575cb570bd53e53b537b5b8ea85ad6ca797278f146ea8367cd7fbbc770b0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2280
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f3e1575cb570bd53e53b537b5b8ea85ad6ca797278f146ea8367cd7fbbc770b0.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:3492
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 692
    3⤵
    - Program crash
    PID:2984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 3492 -ip 3492
1⤵
PID:4712