ebf4c2e8eddf16cccefe8c953c65c5be767752d90e83604ee5b6730de6edd590

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
07/03/2024, 16:04

Target

ebf4c2e8eddf16cccefe8c953c65c5be767752d90e83604ee5b6730de6edd590.dll
Size

2.1MB
MD5

8a61ce27e84eaf5e0987a229c3bc44db
SHA1

98194db2d38ec2ef9a066c72488779b8d26d9231
SHA256

ebf4c2e8eddf16cccefe8c953c65c5be767752d90e83604ee5b6730de6edd590
SHA512

c76bfc72aad8b7cf05adec45260cb18564227dc265819cf4d2a6d9c4a19fbbd04694f974cd9bdb4be1ebebfddac7d3f05b9e66935bb0b584849368ed462b9405
SSDEEP

49152:vcz84B8m/mJoQAXJmrmEfZOkNPSTqctjRTDpJMM/:k7qm/eMchPSTqsL5/

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4976	2872	WerFault.exe	87

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4564 wrote to memory of 2872	4564	rundll32.exe	87
PID 4564 wrote to memory of 2872	4564	rundll32.exe	87
PID 4564 wrote to memory of 2872	4564	rundll32.exe	87

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ebf4c2e8eddf16cccefe8c953c65c5be767752d90e83604ee5b6730de6edd590.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4564
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ebf4c2e8eddf16cccefe8c953c65c5be767752d90e83604ee5b6730de6edd590.dll,#1
  2⤵
  PID:2872
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 564
    3⤵
    - Program crash
    PID:4976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 2872 -ip 2872
1⤵
PID:4044