a3055fab9906b7eed61cec235cb8d53720fcede6df5a6573615093138abef1e3

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
11-05-2024 08:14

Target

a3055fab9906b7eed61cec235cb8d53720fcede6df5a6573615093138abef1e3.dll
Size

164KB
MD5

119a205e27d9c9e864f3a5b2c91cca02
SHA1

cc388a0c3643c5f5b039d5284237a38d74ae21b5
SHA256

a3055fab9906b7eed61cec235cb8d53720fcede6df5a6573615093138abef1e3
SHA512

97f0ed7977d30cecd625c5bbc33e0e2cc7ae80b9d6e43f7cd21796817deb3aaa0e5dbb8049429872b67f31cee426642d6671709e67f59806e5846bbb0bba7ae3
SSDEEP

3072:vJgI/GkzG1mxLhbkBPYa6KDKtYTwyEmH+7rg8XK43QAh3U:qyzGa4P56SKKTwXmH2MTJ03U

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

3416 3764 WerFault.exe rundll32.exe

pid	pid_target	process	target process
3416	3764	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1652 wrote to memory of 3764	1652	rundll32.exe	rundll32.exe
PID 1652 wrote to memory of 3764	1652	rundll32.exe	rundll32.exe
PID 1652 wrote to memory of 3764	1652	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3055fab9906b7eed61cec235cb8d53720fcede6df5a6573615093138abef1e3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1652

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3055fab9906b7eed61cec235cb8d53720fcede6df5a6573615093138abef1e3.dll,#1
2⤵
PID:3764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 544
3⤵
- Program crash
PID:3416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 188 -p 3764 -ip 3764
1⤵
PID:4044