a484d264916bfdd57631f15e987d8ddaae98daac5daf62a70081d12ab4fec533

Analysis

max time kernel
146s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
10-04-2024 13:10

Target

a484d264916bfdd57631f15e987d8ddaae98daac5daf62a70081d12ab4fec533.dll
Size

46KB
MD5

dbad6b495cd89250fa8570859bfe4dcd
SHA1

1c70ccead809c792b35780d831e7ce123eaf0f68
SHA256

a484d264916bfdd57631f15e987d8ddaae98daac5daf62a70081d12ab4fec533
SHA512

642b9fb58f0b7de193fe7a7cb6874b3f375c79640bed33cb9b3cda1f780c56d081449899cf4e433c8c5a15a9546bb95d84e4df363479bbc33942ce987c901d5e
SSDEEP

768:muywzQxeL1kkidp8pyfkoqhHNOVpZSAq3O6w0:/Qxssp8pyfXqhkVqAb6w

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4564	1696	WerFault.exe	85

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1944 wrote to memory of 1696	1944	rundll32.exe	85
PID 1944 wrote to memory of 1696	1944	rundll32.exe	85
PID 1944 wrote to memory of 1696	1944	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a484d264916bfdd57631f15e987d8ddaae98daac5daf62a70081d12ab4fec533.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1944
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a484d264916bfdd57631f15e987d8ddaae98daac5daf62a70081d12ab4fec533.dll,#1
  2⤵
  PID:1696
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 628
    3⤵
    - Program crash
    PID:4564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1696 -ip 1696
1⤵
PID:1616

memory/1696-0-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1696-1-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download