b77dcf706aa83b930c638fc634a7504ee7fb2ea7fba87de3eae54c1fe65e20b8

Analysis

max time kernel
136s
max time network
169s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
24-02-2024 12:24

Target

a1dc7d39608d1575af0c8a64873f4f74.dll
Size

128KB
MD5

a1dc7d39608d1575af0c8a64873f4f74
SHA1

5bdb48611b6f4094aaa19c8014cb9ce2907b04e0
SHA256

b77dcf706aa83b930c638fc634a7504ee7fb2ea7fba87de3eae54c1fe65e20b8
SHA512

4e55712fd7973891d6be1ba4e930d368f83fed0b9972d0c15525e6938f28fcac5a1e9104bcbb129810aa95220a6cb7ffcada0511ecb6d189baed67de4fdf7109
SSDEEP

1536:KQWU5qVByaUDY0W9DT2hMwhiJtkaWQjGFUUkIJIL5ZJ4nuNG:KQWcGkayWRkhi7mUUk958I

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2920	912	WerFault.exe	87

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4380 wrote to memory of 912	4380	rundll32.exe	87
PID 4380 wrote to memory of 912	4380	rundll32.exe	87
PID 4380 wrote to memory of 912	4380	rundll32.exe	87

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a1dc7d39608d1575af0c8a64873f4f74.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4380
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a1dc7d39608d1575af0c8a64873f4f74.dll,#1
  2⤵
  PID:912
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 852
    3⤵
    - Program crash
    PID:2920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 912 -ip 912
1⤵
PID:4900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 180 -p 912 -ip 912
1⤵
PID:2256

memory/912-0-0x0000000074AB0000-0x0000000074AE5000-memory.dmp

Filesize
212KB

Download
memory/912-1-0x0000000074AB0000-0x0000000074AE5000-memory.dmp

Filesize
212KB

Download