46969b134dc1a56c3f4047f48e6d7e468451902d5c08ff3ecb688e1d1e4e57cf

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
24/05/2024, 19:38

Target

46969b134dc1a56c3f4047f48e6d7e468451902d5c08ff3ecb688e1d1e4e57cf.dll
Size

340KB
MD5

e67034a0203037f7166e6a0f965d9bc7
SHA1

7d623394681b1f915039f01e8ad980dc8e30d59f
SHA256

46969b134dc1a56c3f4047f48e6d7e468451902d5c08ff3ecb688e1d1e4e57cf
SHA512

9362c23d62744ddc2792d3cc04889501ef1b01de18ea49ca1eb8bb730ea2e612571ae030cf7efe8f296b64237c15c694ec09ec13448ae406effa8ec07f23fd2e
SSDEEP

6144:/ujG+7Y+RzZgMrrXSfkNA8w/ERNURUCt1iTBq5mQ04/M1:mjG+DAMfXSfkaojCtcTs5mQXM

Score

3^/10

Program crash 2 IoCs

pid	pid_target	Process	procid_target
1008	3828	WerFault.exe	83
4744	3828	WerFault.exe	83

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4432 wrote to memory of 3828	4432	rundll32.exe	83
PID 4432 wrote to memory of 3828	4432	rundll32.exe	83
PID 4432 wrote to memory of 3828	4432	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\46969b134dc1a56c3f4047f48e6d7e468451902d5c08ff3ecb688e1d1e4e57cf.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4432
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\46969b134dc1a56c3f4047f48e6d7e468451902d5c08ff3ecb688e1d1e4e57cf.dll,#1
  2⤵
  PID:3828
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 584
    3⤵
    - Program crash
    PID:1008
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 836
    3⤵
    - Program crash
    PID:4744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3828 -ip 3828
1⤵
PID:400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 3828 -ip 3828
1⤵
PID:4440