2f9b72a38e409c9e6c0fd5a9774db0695b6729492375dc359f2077f49fd40d82

Analysis

max time kernel
141s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 20:11

Target

2f9b72a38e409c9e6c0fd5a9774db0695b6729492375dc359f2077f49fd40d82.dll
Size

9KB
MD5

a6f047395cd6dadd2f91f972f7c45876
SHA1

5e8403793ab5f758f5f2af3ec20a1be64a1186a7
SHA256

2f9b72a38e409c9e6c0fd5a9774db0695b6729492375dc359f2077f49fd40d82
SHA512

d60e3a8ceea6f3e6f54679f706e99c7105411ca84d44682106e9279930f2217c529c35a35c778e81b4eebe9fecd3a3db5a69a2ccd58f3f1c82eecbfc6b38c005
SSDEEP

192:/kkgUVzuwL2PV3PpZWoCJEnRHJGfoNCUhnr5u:tg+2N3PfWovRHJGwdVu

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

4316 3980 WerFault.exe rundll32.exe

pid	pid_target	process	target process
4316	3980	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1840 wrote to memory of 3980	1840	rundll32.exe	rundll32.exe
PID 1840 wrote to memory of 3980	1840	rundll32.exe	rundll32.exe
PID 1840 wrote to memory of 3980	1840	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2f9b72a38e409c9e6c0fd5a9774db0695b6729492375dc359f2077f49fd40d82.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1840
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2f9b72a38e409c9e6c0fd5a9774db0695b6729492375dc359f2077f49fd40d82.dll,#1
  2⤵
  PID:3980
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 612
    3⤵
    - Program crash
    PID:4316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3980 -ip 3980
1⤵
PID:2488