eab2d226f3d7556a322fa921bd92019bc9b62246bdb32f20f1dc58be4926cb0a

Analysis

max time kernel
133s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
24/05/2024, 04:51

Target

eab2d226f3d7556a322fa921bd92019bc9b62246bdb32f20f1dc58be4926cb0a.dll
Size

10KB
MD5

edee35920ada4be27adc4a0378f8ac2e
SHA1

c876472a8d8810954c54be14be4323a916b9f638
SHA256

eab2d226f3d7556a322fa921bd92019bc9b62246bdb32f20f1dc58be4926cb0a
SHA512

e2edc8233479e9c1971fae48cf55c95e5d5be6fe293a572df9db6cfabf49622fe766c4ca1888d07df4a532d6785ce38e51e3693a87c1b31bd0f585524e297653
SSDEEP

96:YeC2x8AlCNMuKj3jisuXlMBJfYT+kapcqw5n3SlD0sgz6V7ARr9mOllyKReEf3XJ:oN11MBul4wxSRk5V9PljJf3XLC

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3684	3820	WerFault.exe	83

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1852 wrote to memory of 3820	1852	rundll32.exe	83
PID 1852 wrote to memory of 3820	1852	rundll32.exe	83
PID 1852 wrote to memory of 3820	1852	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\eab2d226f3d7556a322fa921bd92019bc9b62246bdb32f20f1dc58be4926cb0a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1852
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\eab2d226f3d7556a322fa921bd92019bc9b62246bdb32f20f1dc58be4926cb0a.dll,#1
  2⤵
  PID:3820
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3820 -s 620
    3⤵
    - Program crash
    PID:3684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3820 -ip 3820
1⤵
PID:2524