7ece4b63b694cb37af788f492305eddd4a77d04fba50260deba306043640c63b

Analysis

max time kernel
145s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 01:40

Target

7ece4b63b694cb37af788f492305eddd4a77d04fba50260deba306043640c63b.dll
Size

672KB
MD5

09b82fca458f37a75295eb787f2a0e11
SHA1

0b8f81302b93c402f9ac71c0787f1a08af69f903
SHA256

7ece4b63b694cb37af788f492305eddd4a77d04fba50260deba306043640c63b
SHA512

ed84aaaac78ad878d9a3e83d958212c100f9c0fe87c703a405d42f707b793b9727563ebd939334c7e1607ee020458cfca4e4c5b071948f74a5e4ae3486a579e3
SSDEEP

6144:t9gGhOIDALjiOOkG/8iEXdSXp/uLjLSI70i55KQy:t9gpIk7OkG/bEpTx7Vb

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

704 2872 WerFault.exe rundll32.exe

pid	pid_target	process	target process
704	2872	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4212 wrote to memory of 2872	4212	rundll32.exe	rundll32.exe
PID 4212 wrote to memory of 2872	4212	rundll32.exe	rundll32.exe
PID 4212 wrote to memory of 2872	4212	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7ece4b63b694cb37af788f492305eddd4a77d04fba50260deba306043640c63b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4212

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7ece4b63b694cb37af788f492305eddd4a77d04fba50260deba306043640c63b.dll,#1
2⤵
PID:2872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 544
3⤵
- Program crash
PID:704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 2872 -ip 2872
1⤵
PID:5108