406f0c9c379ac28f1135d8c2aea49d5105782631cbf5259800e19b93813412c4

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
24-04-2024 22:14

Target

406f0c9c379ac28f1135d8c2aea49d5105782631cbf5259800e19b93813412c4.dll
Size

120KB
MD5

24d5874d5403d369ca66a53f4d7c818f
SHA1

e171a2b0f5189a0f7374ae99e02b1138066d5147
SHA256

406f0c9c379ac28f1135d8c2aea49d5105782631cbf5259800e19b93813412c4
SHA512

bdc845f04e300e9ee5db7cd001e7d7dbd8485d94c957d71a9740e98a66ecaa5089257ffb3e25d399763a88b2e20b339505b1282c254dc0d9e44b71fcf7adbc88
SSDEEP

3072:A1CK0llptaTHfPwr5pm6Qi0ZqaPkyP87vuL:AQbllaborzQtTYvy

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4828	3228	WerFault.exe	86

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3444 wrote to memory of 3228	3444	rundll32.exe	86
PID 3444 wrote to memory of 3228	3444	rundll32.exe	86
PID 3444 wrote to memory of 3228	3444	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\406f0c9c379ac28f1135d8c2aea49d5105782631cbf5259800e19b93813412c4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3444
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\406f0c9c379ac28f1135d8c2aea49d5105782631cbf5259800e19b93813412c4.dll,#1
  2⤵
  PID:3228
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 568
    3⤵
    - Program crash
    PID:4828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 3228 -ip 3228
1⤵
PID:1444