f91f44aa6c267f3e6030b6097c3d8039eccc07a6761ca7f04929f3050a01de28

Analysis

max time kernel
92s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
24/02/2024, 20:02

Target

a2a13778f41be67d7c50d162cccf00e4.dll
Size

26KB
MD5

a2a13778f41be67d7c50d162cccf00e4
SHA1

9cedc119c8024cd40507bd6b8b7503ee93e88cd4
SHA256

f91f44aa6c267f3e6030b6097c3d8039eccc07a6761ca7f04929f3050a01de28
SHA512

d93a7b27dbd2cc67046e820392ce15d42d7c04bd7f2e5efbfdcb25a99afc75af79139931e824feef3afcabc5bb42d4373d806aec886929fa1c71f741d1134268
SSDEEP

384:lFDJdD+uZLJJ4AS9eDGzcPeIcJbyRJs9CPSEyh2y8qIwrmdYMt/cm0MULSPV1IoQ:rT+sJJ4B9eizcPqjGxy8bwrOJUAVPJy

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4944	3920	WerFault.exe	60

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2904 wrote to memory of 3920	2904	rundll32.exe	60
PID 2904 wrote to memory of 3920	2904	rundll32.exe	60
PID 2904 wrote to memory of 3920	2904	rundll32.exe	60

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a2a13778f41be67d7c50d162cccf00e4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2904
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a2a13778f41be67d7c50d162cccf00e4.dll,#1
  2⤵
  PID:3920
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 544
    3⤵
    - Program crash
    PID:4944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 3920 -ip 3920
1⤵
PID:4824

memory/3920-0-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download