1d4dcaf2b07cab6f785c4607040b90d2e87a2d94c3368dd57f89c97a6d77bbe3

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
22/02/2024, 05:38

Target

1d4dcaf2b07cab6f785c4607040b90d2e87a2d94c3368dd57f89c97a6d77bbe3.dll
Size

17.4MB
MD5

078996597686e5b1777869045dc340dc
SHA1

f308bb3531571d624cd98799c6cf6774f18a5f38
SHA256

1d4dcaf2b07cab6f785c4607040b90d2e87a2d94c3368dd57f89c97a6d77bbe3
SHA512

7c033965c70731d7bbebf9966e4cfc0804a2b41933fac8f440f6b2c992781f13574b5ad1227da9484d88f2c7d74898a432f99fb5f3c0759564feea10b1a49371
SSDEEP

393216:P1qGMMtyaJYWrILsMA8xdp+1hmQ8OHwtBbEE9jb4:P1nttH38LsMA8xd1Dl4

Score

5^/10

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\LOG\rundll32.exe.DEBUG.log	rundll32.exe
File created	C:\Windows\SysWOW64\LOG\rundll32.exe.DEBUG.log	rundll32.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2404	436	WerFault.exe	56

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
436	rundll32.exe
436	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4408 wrote to memory of 436	4408	rundll32.exe	56
PID 4408 wrote to memory of 436	4408	rundll32.exe	56
PID 4408 wrote to memory of 436	4408	rundll32.exe	56

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1d4dcaf2b07cab6f785c4607040b90d2e87a2d94c3368dd57f89c97a6d77bbe3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4408
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1d4dcaf2b07cab6f785c4607040b90d2e87a2d94c3368dd57f89c97a6d77bbe3.dll,#1
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:436
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 436 -s 696
    3⤵
    - Program crash
    PID:2404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 436 -ip 436
1⤵
PID:5116

C:\Windows\SysWOW64\LOG\rundll32.exe.DEBUG.log

Filesize
245B

MD5
e3a8ea9fb26a2ccd80fe70b5ff21fa9f

SHA1
9a8c845c57d896bb9acc4ab23244d6e53bf645ab

SHA256
2845db771f9fa260c9feaec03e8ab7dd38aed4f8c7cb250ea694ac49c70fd94d

SHA512
4cdafed79a50f2cf1f7b5659baf2139e97d32d13c857cdbd2e84b6046ffc09136ca99d667c09767b76385c6f825748c4fabedd38ed6391476980ecf17a23ad85

Download Submit
memory/436-0-0x0000000001E90000-0x0000000003012000-memory.dmp

Filesize
17.5MB

Download
memory/436-2-0x0000000001E90000-0x0000000003012000-memory.dmp

Filesize
17.5MB

Download
memory/436-4-0x00000000030B0000-0x00000000030B1000-memory.dmp

Filesize
4KB

Download
memory/436-3-0x00000000030A0000-0x00000000030A1000-memory.dmp

Filesize
4KB

Download
memory/436-5-0x00000000030E0000-0x00000000030E1000-memory.dmp

Filesize
4KB

Download
memory/436-9-0x0000000003120000-0x0000000003121000-memory.dmp

Filesize
4KB

Download
memory/436-8-0x0000000003100000-0x0000000003101000-memory.dmp

Filesize
4KB

Download
memory/436-7-0x0000000001E90000-0x0000000003012000-memory.dmp

Filesize
17.5MB

Download
memory/436-6-0x00000000030F0000-0x00000000030F1000-memory.dmp

Filesize
4KB

Download
memory/436-17-0x0000000003150000-0x0000000003151000-memory.dmp

Filesize
4KB

Download
memory/436-18-0x0000000001E90000-0x0000000003012000-memory.dmp

Filesize
17.5MB

Download