94a36f1ff78565de38dbb6951accc189159d0b64065bc0f43db325fed8bf134d

Analysis

max time kernel
93s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
29-05-2024 12:07

Target

94a36f1ff78565de38dbb6951accc189159d0b64065bc0f43db325fed8bf134d.dll
Size

205KB
MD5

4b2a6d3194386cafefc4241abad66520
SHA1

1f7c4b5ca6606df23a848fae68890954cd198894
SHA256

94a36f1ff78565de38dbb6951accc189159d0b64065bc0f43db325fed8bf134d
SHA512

c622a1f6f443769a45fda5ddb32baf40bcb3a2c54a71f5e2d29eec3b910b63355d94065177b98ab2de01b45bca744f1db1fd368a70ba1d1edc3b68e46631be25
SSDEEP

3072:v/QPFX1eqEfuBNSYuiM8CNj8hFsoMX0ghsJRgCD3iFw9jdUE5f5:v/MEfuN0t8C5oFsoeRM3o0jD

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

3488 3180 WerFault.exe rundll32.exe

pid	pid_target	process	target process
3488	3180	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 5084 wrote to memory of 3180	5084	rundll32.exe	rundll32.exe
PID 5084 wrote to memory of 3180	5084	rundll32.exe	rundll32.exe
PID 5084 wrote to memory of 3180	5084	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\94a36f1ff78565de38dbb6951accc189159d0b64065bc0f43db325fed8bf134d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5084

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\94a36f1ff78565de38dbb6951accc189159d0b64065bc0f43db325fed8bf134d.dll,#1
2⤵
PID:3180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 632
3⤵
- Program crash
PID:3488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3180 -ip 3180
1⤵
PID:4904