1c5c86fa4abc4721d2b3d57e94cb08b79105f09e5e9827cbe55850c4374cce43

Analysis

max time kernel
91s
max time network
93s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10-04-2024 09:50

Target

1c5c86fa4abc4721d2b3d57e94cb08b79105f09e5e9827cbe55850c4374cce43.dll
Size

451KB
MD5

934de23faf748f5185ae948fc6e3045c
SHA1

ea0e7527a834f9943556a5fb45cd50be43589aba
SHA256

1c5c86fa4abc4721d2b3d57e94cb08b79105f09e5e9827cbe55850c4374cce43
SHA512

8d0616982fdac987a327ea9eb6c44061edf9fd11d0abb56114e14cd06518990a3cb7336d63f41cb876b908441f1616a5e104b65110eeb21c92296fab2402e741
SSDEEP

12288:2elrDLDW4Oku+dsGc+OeO+OeNhBBhhBB4MS1x+SVJ5po9hL:2kDAGG1x+E5po9hL

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1392	4416	WerFault.exe	84

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1468 wrote to memory of 4416	1468	rundll32.exe	84
PID 1468 wrote to memory of 4416	1468	rundll32.exe	84
PID 1468 wrote to memory of 4416	1468	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1c5c86fa4abc4721d2b3d57e94cb08b79105f09e5e9827cbe55850c4374cce43.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1468
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1c5c86fa4abc4721d2b3d57e94cb08b79105f09e5e9827cbe55850c4374cce43.dll,#1
  2⤵
  PID:4416
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4416 -s 628
    3⤵
    - Program crash
    PID:1392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4416 -ip 4416
1⤵
PID:116

memory/4416-0-0x0000000010000000-0x0000000010077000-memory.dmp

Filesize
476KB

Download
memory/4416-1-0x0000000010000000-0x0000000010077000-memory.dmp

Filesize
476KB

Download