3851bf54d6b76587d07bd14017fb6f023faba360f379242d7f244e2ed71c7c6b

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
13/03/2024, 03:50

Target

c4e60f80561687c0500a397b1cf138cb.dll
Size

88KB
MD5

c4e60f80561687c0500a397b1cf138cb
SHA1

006d146578c0124c2e40d263945c23f1eb43c0fb
SHA256

3851bf54d6b76587d07bd14017fb6f023faba360f379242d7f244e2ed71c7c6b
SHA512

ab85f804a0678297d461409010f07fe0ea021ca519314eab0a8b721e964cef9c6e6d305c8c27ec150fd7d75f28262bdbfd2e578e0331023f98ed2917a709ef6a
SSDEEP

1536:0ioISy8tYIZWrJeHOa+ht4v7mBTIwJAIxSBSW2BgULx6rjxfC:7oISxYqWrJeHj+cLw2IEAW2B16xfC

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3884	4996	WerFault.exe	86

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4044 wrote to memory of 4996	4044	rundll32.exe	86
PID 4044 wrote to memory of 4996	4044	rundll32.exe	86
PID 4044 wrote to memory of 4996	4044	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c4e60f80561687c0500a397b1cf138cb.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4044
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c4e60f80561687c0500a397b1cf138cb.dll,#1
  2⤵
  PID:4996
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4996 -s 560
    3⤵
    - Program crash
    PID:3884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4996 -ip 4996
1⤵
PID:1884

memory/4996-0-0x0000000010000000-0x000000001002C000-memory.dmp

Filesize
176KB

Download