cb423bd492fec2a794afbf3946a1d42d70098a7d6c69a858783783c4b6402f2f

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23/05/2024, 03:07

Target

cb423bd492fec2a794afbf3946a1d42d70098a7d6c69a858783783c4b6402f2f.dll
Size

5.5MB
MD5

b7f4fcff5564aca2b4a04b1f71e66c15
SHA1

004357ce1d62a166c4dcc9ca098bf0f16d041946
SHA256

cb423bd492fec2a794afbf3946a1d42d70098a7d6c69a858783783c4b6402f2f
SHA512

6cd12d15d2d647237bd5380355033c7ef5f83195bd03f2a5e1c63f7a250d5b8d5c4d59932c954514440cd79cca99cf654a9b25fcae65cff75812fd57cf49f497
SSDEEP

98304:GOOD636bH+GgafsZP/adWhgg7anyhBhSlhmvpa8+0yh3bGsNq5zzU2:Gb6KbH+GgafslCwuE+0u3bGQq5nD

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2612	2588	WerFault.exe	85

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3608 wrote to memory of 2588	3608	rundll32.exe	85
PID 3608 wrote to memory of 2588	3608	rundll32.exe	85
PID 3608 wrote to memory of 2588	3608	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cb423bd492fec2a794afbf3946a1d42d70098a7d6c69a858783783c4b6402f2f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3608
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cb423bd492fec2a794afbf3946a1d42d70098a7d6c69a858783783c4b6402f2f.dll,#1
  2⤵
  PID:2588
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 564
    3⤵
    - Program crash
    PID:2612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2588 -ip 2588
1⤵
PID:2068