f89cdef299637000f1837fccd2f90673aabeae3e6fb7b03badca0eb89a43aa13

Analysis

max time kernel
919s
max time network
1606s
platform
windows10-1703_x64
resource
win10-20240221-en
resource tags

arch:x64arch:x86image:win10-20240221-enlocale:en-usos:windows10-1703-x64system
submitted
28-03-2024 03:20

Target

f89cdef299637000f1837fccd2f90673aabeae3e6fb7b03badca0eb89a43aa13.dll
Size

24KB
MD5

1cd4217604139e1a874ddfb8216c2adf
SHA1

8749006e14481dee76767da58f0347fc1a9e1eea
SHA256

f89cdef299637000f1837fccd2f90673aabeae3e6fb7b03badca0eb89a43aa13
SHA512

7a3b96f2bd1711e13f03c755235b7226decf583c5a4be155f0d05292015fa0b1a71ccff031dd29e47dad8d3391f3ae67e00e6ea9f8fe40b22d496e2cdd84ccde
SSDEEP

192:iSpTHu+xRv0dZyD79CJhcD9I+2WhhkTfuzWr5U2ko9c:ZTACDH2mhAfPC2D9c

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

4408 2944 WerFault.exe rundll32.exe

pid	pid_target	process	target process
4408	2944	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3152 wrote to memory of 2944	3152	rundll32.exe	rundll32.exe
PID 3152 wrote to memory of 2944	3152	rundll32.exe	rundll32.exe
PID 3152 wrote to memory of 2944	3152	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f89cdef299637000f1837fccd2f90673aabeae3e6fb7b03badca0eb89a43aa13.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3152

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f89cdef299637000f1837fccd2f90673aabeae3e6fb7b03badca0eb89a43aa13.dll,#1
2⤵
PID:2944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 624
3⤵
- Program crash
PID:4408