58f6e0afecbe143120cbdd5d67acdfe11a50b45291b5a298fd8c938a19f6e155

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
16-03-2024 06:08

Target

cd4f79c8c24d03e0808112be24756f1c.dll
Size

124KB
MD5

cd4f79c8c24d03e0808112be24756f1c
SHA1

119683f925ad1a283e26818e8a30ec1dc37775eb
SHA256

58f6e0afecbe143120cbdd5d67acdfe11a50b45291b5a298fd8c938a19f6e155
SHA512

357723d6004bec2cd6d2946998ae07f97763c1b2a211fb83b66369ff000e9b8962726d5b2adae95b5b3524d202e1aa65d0a75498a3ae7cb4319028cbbdfc622f
SSDEEP

3072:tGdjdAj/1LMf15Nh2PvP2SMlLkufXjrS6l44vxDqfjHlUT:8VCitzh2PHwJ3Sm44BqfjHl4

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4356	3652	WerFault.exe	89

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1488 wrote to memory of 3652	1488	rundll32.exe	89
PID 1488 wrote to memory of 3652	1488	rundll32.exe	89
PID 1488 wrote to memory of 3652	1488	rundll32.exe	89

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cd4f79c8c24d03e0808112be24756f1c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1488
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cd4f79c8c24d03e0808112be24756f1c.dll,#1
  2⤵
  PID:3652
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 560
    3⤵
    - Program crash
    PID:4356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 3652 -ip 3652
1⤵
PID:768

memory/3652-0-0x0000000010000000-0x000000001002D000-memory.dmp

Filesize
180KB

Download