2f0699dbaed3b7ad48000091a80116329e8db1c3be6c1647615f9770e9caccc0

Analysis

max time kernel
145s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12-02-2024 18:32

Target

2f0699dbaed3b7ad48000091a80116329e8db1c3be6c1647615f9770e9caccc0.dll
Size

1.3MB
MD5

c6d657e451dc7a6eb4b0ef09cb579f96
SHA1

c95888a9298c6537171e0803dc21fb52ec782a76
SHA256

2f0699dbaed3b7ad48000091a80116329e8db1c3be6c1647615f9770e9caccc0
SHA512

86eb4bd01e72a9e0963cc04a9d8344b94c87b0ce2bfe2353346c6a6423ad016e016c6cf9025155390612d48cad778bd26d37d60a6b7b6ba2e00ff3c194c13dbf
SSDEEP

24576:XRT0EtXhsXDLgQsSulh2Z6ytyFJpckYatFaC4sg2FceB91amcH32+6bKstESrEHu:hYEXsX9clsZQplrdg2yeZFcH3+tEA

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

4816 4284 WerFault.exe rundll32.exe

pid	pid_target	process	target process
4816	4284	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4468 wrote to memory of 4284	4468	rundll32.exe	rundll32.exe
PID 4468 wrote to memory of 4284	4468	rundll32.exe	rundll32.exe
PID 4468 wrote to memory of 4284	4468	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2f0699dbaed3b7ad48000091a80116329e8db1c3be6c1647615f9770e9caccc0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4468

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2f0699dbaed3b7ad48000091a80116329e8db1c3be6c1647615f9770e9caccc0.dll,#1
2⤵
PID:4284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4284 -s 560
3⤵
- Program crash
PID:4816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 4284 -ip 4284
1⤵
PID:1020