4f24fd1601be753c9c572eff9af71bd4a99f813eb95fe6c8f1219a591a5bd2b2

Analysis

max time kernel
151s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 22:43

Target

4f24fd1601be753c9c572eff9af71bd4a99f813eb95fe6c8f1219a591a5bd2b2.dll
Size

847KB
MD5

ede5f9298bf54994c3bc3a153703ca20
SHA1

db2303bda68e1a49e98a2ceed7c30cbb0136b897
SHA256

4f24fd1601be753c9c572eff9af71bd4a99f813eb95fe6c8f1219a591a5bd2b2
SHA512

eff7574a07a3f9702d58e16af1c01ef1bb29c076cdc4dddf8e2eb649f1962001e63513c80f564a32984020b82a747d93598805aa2721c9fae52a0e971197ffed
SSDEEP

12288:LRZOT2Iuv2CO4bAMrEABbYIcPCvytxwIZPZ80G1dTLSpkkIAXNJKgV8RPv:LRJIU2CO4gQkIbENe0GfAXNJjViv

Score

3^/10

Program crash 2 IoCs

Processes:

WerFault.exeWerFault.exe

pid pid_target process target process

2184 2260 WerFault.exe rundll32.exe
2284 2260 WerFault.exe rundll32.exe

pid	pid_target	process	target process
2184	2260	WerFault.exe	rundll32.exe
2284	2260	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 792 wrote to memory of 2260	792	rundll32.exe	rundll32.exe
PID 792 wrote to memory of 2260	792	rundll32.exe	rundll32.exe
PID 792 wrote to memory of 2260	792	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4f24fd1601be753c9c572eff9af71bd4a99f813eb95fe6c8f1219a591a5bd2b2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:792

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4f24fd1601be753c9c572eff9af71bd4a99f813eb95fe6c8f1219a591a5bd2b2.dll,#1
2⤵
PID:2260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 544
3⤵
- Program crash
PID:2184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 804
3⤵
- Program crash
PID:2284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 2260 -ip 2260
1⤵
PID:4228

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3768 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:8
1⤵
PID:4652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 2260 -ip 2260
1⤵
PID:4120