0241b90dff6b2c76bcae2c50ff1b4a1d8957ffedd6b316ec9d4f0d454748959b

Analysis

max time kernel
147s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10/04/2024, 07:13

Target

0241b90dff6b2c76bcae2c50ff1b4a1d8957ffedd6b316ec9d4f0d454748959b.dll
Size

1008KB
MD5

08efe8c1385e8f77a510aced92392afb
SHA1

8ee66b0f2b08e35c845d38164969072a8a22a87b
SHA256

0241b90dff6b2c76bcae2c50ff1b4a1d8957ffedd6b316ec9d4f0d454748959b
SHA512

56224e0e2215a171bf6bcb00b93013cb36a421b1f9e6f858aecb995f36d50090b6ef816ee6d715ec2097862605f2f587fc273058f0dfadbf20d9b366bb9147d2
SSDEEP

12288:mw68Ryl0S+oK+QF9Jfg7zSw06lrPlAwwTnH+MpU1IVZp:EwgN+KQzlg7zSw0kNAHTnsi

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4548	2884	WerFault.exe	85

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5064 wrote to memory of 2884	5064	rundll32.exe	85
PID 5064 wrote to memory of 2884	5064	rundll32.exe	85
PID 5064 wrote to memory of 2884	5064	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0241b90dff6b2c76bcae2c50ff1b4a1d8957ffedd6b316ec9d4f0d454748959b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5064
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0241b90dff6b2c76bcae2c50ff1b4a1d8957ffedd6b316ec9d4f0d454748959b.dll,#1
  2⤵
  PID:2884
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 572
    3⤵
    - Program crash
    PID:4548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 356 -p 2884 -ip 2884
1⤵
PID:2164

memory/2884-1-0x000000006BAC0000-0x000000006BBC3000-memory.dmp

Filesize
1.0MB

Download