ffdc1369d6fa4a8cbb286fb731892fc4389f9cc5627106515f220dae95d5a4ee

Analysis

max time kernel
92s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10/04/2024, 15:09

Target

ffdc1369d6fa4a8cbb286fb731892fc4389f9cc5627106515f220dae95d5a4ee.dll
Size

68KB
MD5

99b0a89987d3de168fcc4a0ac9ef41d6
SHA1

6632429cafb2b0f37194223169f87a51d04fa199
SHA256

ffdc1369d6fa4a8cbb286fb731892fc4389f9cc5627106515f220dae95d5a4ee
SHA512

90e33bc3c8b815bdfde7f07a6657a85e45cc70fe011fef6c813a3694d25a83883222f5e0d185fc524d90dc85a17d17790e44c4a9a0cc47d67917ab2af2829fa9
SSDEEP

1536:YNt3kRR1bdNz7s8ym9Fx/QxUOdX5kb6KFnToIfc5P7C:osXz7PZf/Q7dX5SBtTBfc5P7C

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
5000	4804	WerFault.exe	86

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2748 wrote to memory of 4804	2748	rundll32.exe	86
PID 2748 wrote to memory of 4804	2748	rundll32.exe	86
PID 2748 wrote to memory of 4804	2748	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ffdc1369d6fa4a8cbb286fb731892fc4389f9cc5627106515f220dae95d5a4ee.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2748
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ffdc1369d6fa4a8cbb286fb731892fc4389f9cc5627106515f220dae95d5a4ee.dll,#1
  2⤵
  PID:4804
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4804 -s 632
    3⤵
    - Program crash
    PID:5000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4804 -ip 4804
1⤵
PID:3600