c0bd0c9ec6321184e4093d2de07876650074121c87f938e70936d56ab0067876

Analysis

max time kernel
95s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
25-02-2024 19:33

Target

c0bd0c9ec6321184e4093d2de07876650074121c87f938e70936d56ab0067876.dll
Size

2.2MB
MD5

529c1a79fc53307f3316bf84cd063e45
SHA1

67958399ab0608c8a74739a3440408ec35c2b3e5
SHA256

c0bd0c9ec6321184e4093d2de07876650074121c87f938e70936d56ab0067876
SHA512

59ea26a4b4ffa3651bddbb15e5d5884cab37ba1376a65b6c6dd7ab0e83f5bc5a4f8aa9b76ca1b61d466d938cafedf10d127a141e8b6c4743b3587104e3ecd7d5
SSDEEP

49152:TJd0OM54ym/8RgJMYM97tQjFozL19wNa/WgT:VCOM5zyJVjFKp9JWgT

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2972	1104	WerFault.exe	74

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1180 wrote to memory of 1104	1180	rundll32.exe	74
PID 1180 wrote to memory of 1104	1180	rundll32.exe	74
PID 1180 wrote to memory of 1104	1180	rundll32.exe	74

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c0bd0c9ec6321184e4093d2de07876650074121c87f938e70936d56ab0067876.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1180
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c0bd0c9ec6321184e4093d2de07876650074121c87f938e70936d56ab0067876.dll,#1
  2⤵
  PID:1104
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1104 -s 560
    3⤵
    - Program crash
    PID:2972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 1104 -ip 1104
1⤵
PID:3096