b4fa25ec1b33eb04d9205e5d8aa9508ad48ff16b5a5d04ec33fb7c1c964669b3

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
07-03-2024 02:49

Target

1416-56-0x0000000000890000-0x0000000000944000-memory.dll
Size

720KB
MD5

31a334136bff9b0ac121a7e63aef18da
SHA1

b537ff8e1849b59a12f102722be4d46d35aa0218
SHA256

b4fa25ec1b33eb04d9205e5d8aa9508ad48ff16b5a5d04ec33fb7c1c964669b3
SHA512

70366995dd4765fe4bd26b0b38ac201a69444b8eadf9f92fb3dedf2940aa7222871bb9d05a58997ea65b97dc2b3d65391e6b2a3819916d06e7a13525c18e12a0
SSDEEP

768:t2MkJnRTiYm9Pv3Qy+qR4AeeQhOGCBzp3B9DzwobBoIPTYt:RkJnRWYmeFquNeQhqFpxdTbBoIP

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

4852 1884 WerFault.exe rundll32.exe

pid	pid_target	process	target process
4852	1884	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4856 wrote to memory of 1884	4856	rundll32.exe	rundll32.exe
PID 4856 wrote to memory of 1884	4856	rundll32.exe	rundll32.exe
PID 4856 wrote to memory of 1884	4856	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1416-56-0x0000000000890000-0x0000000000944000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4856

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1416-56-0x0000000000890000-0x0000000000944000-memory.dll,#1
2⤵
PID:1884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1884 -s 560
3⤵
- Program crash
PID:4852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1884 -ip 1884
1⤵
PID:3884