06d21f19b9d30740723105c0e0c91efa1db842bb62ec44d6bbad07ca5849e79b

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10/04/2024, 09:26

Target

06d21f19b9d30740723105c0e0c91efa1db842bb62ec44d6bbad07ca5849e79b.dll
Size

36KB
MD5

b151080c11170673e5bad03fef274edc
SHA1

205ae200155cb59b5fa00018ec0d5dc4350f31f5
SHA256

06d21f19b9d30740723105c0e0c91efa1db842bb62ec44d6bbad07ca5849e79b
SHA512

b9bf7838ad65cdb738d48c08ca39484189095814120b7c593932e30fc641a8c919f17d261e2a6d228f38aa54d382ee4df25cdc7299861f42fa8035f76dbb8b5e
SSDEEP

768:FSfnclvNu7NarGp4Oclg8ddyFWfSWQVME8GdaY:PwRGGU1gXWQVjtaY

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
456	2376	WerFault.exe	84

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4844 wrote to memory of 2376	4844	rundll32.exe	84
PID 4844 wrote to memory of 2376	4844	rundll32.exe	84
PID 4844 wrote to memory of 2376	4844	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\06d21f19b9d30740723105c0e0c91efa1db842bb62ec44d6bbad07ca5849e79b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4844
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\06d21f19b9d30740723105c0e0c91efa1db842bb62ec44d6bbad07ca5849e79b.dll,#1
  2⤵
  PID:2376
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 632
    3⤵
    - Program crash
    PID:456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 2376 -ip 2376
1⤵
PID:4428