ff11e4cf9b5570071b2fbce3168ac36cd1aecb06b748bebdbbfe7f4e7eb43816

Analysis

max time kernel
150s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10/03/2024, 12:00

Target

ff11e4cf9b5570071b2fbce3168ac36cd1aecb06b748bebdbbfe7f4e7eb43816.dll
Size

2.2MB
MD5

babfedc8cb68df0196607d5acd49b28b
SHA1

700c188a362e979753b890b61757932ca888a4fc
SHA256

ff11e4cf9b5570071b2fbce3168ac36cd1aecb06b748bebdbbfe7f4e7eb43816
SHA512

9899b4e133ee35da3c052c940f18cfac1f84db75ee8d583cb3da6a1357f886114eab98a42ac894c15855c9308e686c84bbbd811510b50938f07e4b907bc508ad
SSDEEP

49152:TJd0OM5FVm/8RgJsYM97tQjFozL19wNa/WgB:VCOM5jyJ1jFKp9JWgB

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1068	468	WerFault.exe	88

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4876 wrote to memory of 468	4876	rundll32.exe	88
PID 4876 wrote to memory of 468	4876	rundll32.exe	88
PID 4876 wrote to memory of 468	4876	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ff11e4cf9b5570071b2fbce3168ac36cd1aecb06b748bebdbbfe7f4e7eb43816.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4876
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ff11e4cf9b5570071b2fbce3168ac36cd1aecb06b748bebdbbfe7f4e7eb43816.dll,#1
  2⤵
  PID:468
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 468 -s 564
    3⤵
    - Program crash
    PID:1068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 468 -ip 468
1⤵
PID:4628