926ae32f7146287e0ae8e630542599b03ab25c4ba43dd169090f4b391c86fe5e

Analysis

max time kernel
146s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
19/03/2024, 12:00

Target

926ae32f7146287e0ae8e630542599b03ab25c4ba43dd169090f4b391c86fe5e.dll
Size

2.2MB
MD5

32f09cb9569b12903d5c3c8c22d37979
SHA1

07f9ace403db7c7cd863aaffd253b58a5203eaae
SHA256

926ae32f7146287e0ae8e630542599b03ab25c4ba43dd169090f4b391c86fe5e
SHA512

fd769a59a7707f644b53733428389f108eac777ed014041fd6014f17f2719590bbff6180721efd8ab05f9bf5109d26f9f16ee241c67042cfbda8d0052e4ad805
SSDEEP

49152:TJd0OM5Fymx8RgJDYM97tQjFozL19wNa/Wgr1q1:VCOM5YyJajFKp9JWgrU1

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4816	212	WerFault.exe	90

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 880 wrote to memory of 212	880	rundll32.exe	90
PID 880 wrote to memory of 212	880	rundll32.exe	90
PID 880 wrote to memory of 212	880	rundll32.exe	90

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\926ae32f7146287e0ae8e630542599b03ab25c4ba43dd169090f4b391c86fe5e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:880
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\926ae32f7146287e0ae8e630542599b03ab25c4ba43dd169090f4b391c86fe5e.dll,#1
  2⤵
  PID:212
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 212 -s 560
    3⤵
    - Program crash
    PID:4816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 212 -ip 212
1⤵
PID:3012