91891a27de0f33dbcee8db80389a380c197003a1b84b9857d144317468bd7650

Analysis

max time kernel
129s
max time network
99s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
25-05-2024 12:19

Target

DiagnosticInvoker.dll
Size

93KB
MD5

236ee7d3befe766a0d75dc75a1463b8f
SHA1

9cc06c34bd330e6f3a650d5f3cdf6abde283e4e0
SHA256

91891a27de0f33dbcee8db80389a380c197003a1b84b9857d144317468bd7650
SHA512

816ed00d04e7d2bf64b7ae5c3eff53104849a1374fc6bc69c51530157e887009f14c90da6eb1d4eb2ccc3b2478aeba609870ee0326d9ed5e85605e4f640cff5a
SSDEEP

1536:+tUIUa9FA4WMi7cYASiHcvg4Zp0kgKxU/p06fWvGTw5gYdjRpT5jA9KMusoQ7PxO:+tUIUa9FA4//cTpdjxUqUPYdTT5jAnuZ

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1640	980	WerFault.exe	83

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3932 wrote to memory of 980	3932	rundll32.exe	83
PID 3932 wrote to memory of 980	3932	rundll32.exe	83
PID 3932 wrote to memory of 980	3932	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\DiagnosticInvoker.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3932
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\DiagnosticInvoker.dll,#1
  2⤵
  PID:980
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 980 -s 608
    3⤵
    - Program crash
    PID:1640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 980 -ip 980
1⤵
PID:2756