0035fe4b63a2d62b740b0424dffc33150f55d86ef46b82887eba2b27069427f2

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10/04/2024, 10:11

Target

0035fe4b63a2d62b740b0424dffc33150f55d86ef46b82887eba2b27069427f2.dll
Size

4.3MB
MD5

12bf1e193cf6e333b62bd5059918810b
SHA1

13e97e6cbaec3bf10babe79e8102ca54d64a1079
SHA256

0035fe4b63a2d62b740b0424dffc33150f55d86ef46b82887eba2b27069427f2
SHA512

4a8cca86015ef21f9cecc51e3aa16ff2024c45372397ee84a66962abcd60c96af4011e2c0dd9da99225eef162fed7741f53b462461653810222a004d28c5f496
SSDEEP

98304:4PwmdONWcCO6k4/bpRC/eIxhiP+YrJCfr5XIz:VNWzO65m/v4JuU

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4692	3496	WerFault.exe	88

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2556 wrote to memory of 3496	2556	rundll32.exe	88
PID 2556 wrote to memory of 3496	2556	rundll32.exe	88
PID 2556 wrote to memory of 3496	2556	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0035fe4b63a2d62b740b0424dffc33150f55d86ef46b82887eba2b27069427f2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2556
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0035fe4b63a2d62b740b0424dffc33150f55d86ef46b82887eba2b27069427f2.dll,#1
  2⤵
  PID:3496
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 564
    3⤵
    - Program crash
    PID:4692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3496 -ip 3496
1⤵
PID:972

memory/3496-0-0x0000000074FE0000-0x0000000075436000-memory.dmp

Filesize
4.3MB

Download