06739179e0182985d37db48f3cb0566c8f1c2dc671d0e14aeeec5ffcc749a705

Analysis

max time kernel
134s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
21-05-2024 19:24

Target

06739179e0182985d37db48f3cb0566c8f1c2dc671d0e14aeeec5ffcc749a705.dll
Size

18KB
MD5

1fd4ed60e61073fd7881d00fe659e280
SHA1

3cbea3de83990269779ca8767abbecfdf894d256
SHA256

06739179e0182985d37db48f3cb0566c8f1c2dc671d0e14aeeec5ffcc749a705
SHA512

93da68202072920cc036fa325574fd71a2badcf0956217bcd4bf15cad465af71054e753c9c9513475099930de62aa52e1d82a21c58dee417060b99d12f5f544d
SSDEEP

192:brLFaD7qTERkjm9LXN4t8/O6BJ8jCeynRWOrE/ezi5Kls45A6TEApERQ5S6pPvpB:brLFAxKaP42Pv8j2nRfQuA6D/p

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2696	536	WerFault.exe	87

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4384 wrote to memory of 536	4384	rundll32.exe	87
PID 4384 wrote to memory of 536	4384	rundll32.exe	87
PID 4384 wrote to memory of 536	4384	rundll32.exe	87

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\06739179e0182985d37db48f3cb0566c8f1c2dc671d0e14aeeec5ffcc749a705.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4384
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\06739179e0182985d37db48f3cb0566c8f1c2dc671d0e14aeeec5ffcc749a705.dll,#1
  2⤵
  PID:536
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 536 -s 648
    3⤵
    - Program crash
    PID:2696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 536 -ip 536
1⤵
PID:4828

memory/536-0-0x00000000758D0000-0x00000000758DD000-memory.dmp

Filesize
52KB

Download