2f8757b0459892769aeba9c35eaecf5a88bd95466674b5b009dc599209c6a3b4

Analysis

max time kernel
134s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
20-05-2024 19:17

Target

2f8757b0459892769aeba9c35eaecf5a88bd95466674b5b009dc599209c6a3b4.dll
Size

205KB
MD5

8b994526c2d3405eea11bb7f2bdea1d1
SHA1

5109a133db7f8a6e4761e08b930eb70abecf603e
SHA256

2f8757b0459892769aeba9c35eaecf5a88bd95466674b5b009dc599209c6a3b4
SHA512

8b04dd06ef889fb6d4cdeaf7419db4510b8592d28073b1fbdbd6082809701f208fe82b3e2ff32bf60a38f58deac9195f4ac475c3908879d307858a2f0dc5c96f
SSDEEP

3072:0/QPFX1eqEfuBNSYuiM8CNj8hFsoMX0ghsJRgCD3iFw9jdUakD5bf:0/MEfuN0t8C5oFsoeRM3o0jG9

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

4020 1020 WerFault.exe rundll32.exe

pid	pid_target	process	target process
4020	1020	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1560 wrote to memory of 1020	1560	rundll32.exe	rundll32.exe
PID 1560 wrote to memory of 1020	1560	rundll32.exe	rundll32.exe
PID 1560 wrote to memory of 1020	1560	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2f8757b0459892769aeba9c35eaecf5a88bd95466674b5b009dc599209c6a3b4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1560

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2f8757b0459892769aeba9c35eaecf5a88bd95466674b5b009dc599209c6a3b4.dll,#1
2⤵
PID:1020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1020 -s 636
3⤵
- Program crash
PID:4020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1020 -ip 1020
1⤵
PID:2696