6cd038a0437be520f4cae3b1b756a10f90d632e3bbd8ad3a8bbf20b3db1b922b

Analysis

max time kernel
92s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20240426-es
resource tags

arch:x64arch:x86image:win10v2004-20240426-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
28/05/2024, 14:46

Target

CADe_SIMU 4.2/libnodave.dll
Size

124KB
MD5

3f9383240796ff0bcd7211aaffa70ec2
SHA1

29cb7113a6a08eaa701fd5d55811205d0d8499a9
SHA256

d61b4728dc1bdfbfcee780b2eecc867549ff4637bc611ba115e023d4bda493b6
SHA512

3e8eef1fa22858e40c1b97106dcf904f36aa271002e45b3b57bd1370753f413c14369e55f8e341ed09dcfd41a2cb5cbafef5021703ed2b5ae0b2f7e778ecc698
SSDEEP

1536:tyrhe5iAd5jGErfo0KtauWnuH3rXA4hBmILCC7dulTm0Dyw8jy1:tyo1NGErfOBYuHzpBXeC0lTm0gy1

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2248	1552	WerFault.exe	83

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 864 wrote to memory of 1552	864	rundll32.exe	83
PID 864 wrote to memory of 1552	864	rundll32.exe	83
PID 864 wrote to memory of 1552	864	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\CADe_SIMU 4.2\libnodave.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:864
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\CADe_SIMU 4.2\libnodave.dll",#1
  2⤵
  PID:1552
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 612
    3⤵
    - Program crash
    PID:2248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1552 -ip 1552
1⤵
PID:1520