b729ee56ebcc26f3dfedfa28e30f4ed88d6c1ca223d0bc11f413938071781827

Analysis

max time kernel
93s
max time network
114s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
23-02-2024 15:38

Target

b729ee56ebcc26f3dfedfa28e30f4ed88d6c1ca223d0bc11f413938071781827.dll
Size

2.2MB
MD5

a8be0c45ec6aa6cae8853778d71e04a3
SHA1

dc22f9136efa8e2ba2ebd32852fcc1e52769d9aa
SHA256

b729ee56ebcc26f3dfedfa28e30f4ed88d6c1ca223d0bc11f413938071781827
SHA512

4cf736664339884764f1e94469aff97d06d4ef2e0e8165ad790e513ef5cc369ae56f784f7b9bb7ebab9bfa4b5312ac043e82a4855b791030f7d37f0cc8bac858
SSDEEP

49152:TJd0OM5F/m/8RgJWYM97tQjFozL19wNa/Wgm:VCOM5hyJTjFKp9JWgm

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1684	1844	WerFault.exe	56

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3940 wrote to memory of 1844	3940	rundll32.exe	56
PID 3940 wrote to memory of 1844	3940	rundll32.exe	56
PID 3940 wrote to memory of 1844	3940	rundll32.exe	56

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b729ee56ebcc26f3dfedfa28e30f4ed88d6c1ca223d0bc11f413938071781827.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3940
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b729ee56ebcc26f3dfedfa28e30f4ed88d6c1ca223d0bc11f413938071781827.dll,#1
  2⤵
  PID:1844
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1844 -s 560
    3⤵
    - Program crash
    PID:1684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 1844 -ip 1844
1⤵
PID:4500