61237d58a67ca3250baf08c968032a8f7e66b0e1126c1e0c8f3c040967da5684

Analysis

max time kernel
134s
max time network
106s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
11-05-2024 11:14

Target

61237d58a67ca3250baf08c968032a8f7e66b0e1126c1e0c8f3c040967da5684.dll
Size

160KB
MD5

4c2ec1df0f31f0979b919c14a0363a35
SHA1

7ace8d116f29450f7fdd918709fe58e535020efb
SHA256

61237d58a67ca3250baf08c968032a8f7e66b0e1126c1e0c8f3c040967da5684
SHA512

aa222babb41da54ea766c2e66500aaa8097a5688b3ccb18fd45035f68a916da1f335e555db4b66a54b00d1f8064a38b777f04910de3bbe96ddf8916b470957f0
SSDEEP

3072:I02rPPBHaDJRCP5otSUrUXk4bAtcryyYbQ0ngzJKYF5Q:wrPPyJgPuU3bAZFn8F5

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2904 1812 WerFault.exe rundll32.exe

pid	pid_target	process	target process
2904	1812	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4532 wrote to memory of 1812	4532	rundll32.exe	rundll32.exe
PID 4532 wrote to memory of 1812	4532	rundll32.exe	rundll32.exe
PID 4532 wrote to memory of 1812	4532	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\61237d58a67ca3250baf08c968032a8f7e66b0e1126c1e0c8f3c040967da5684.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4532

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\61237d58a67ca3250baf08c968032a8f7e66b0e1126c1e0c8f3c040967da5684.dll,#1
2⤵
PID:1812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 560
3⤵
- Program crash
PID:2904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 1812 -ip 1812
1⤵
PID:2680