c776215b1a1a5e4428dd76efd28578d1c0e6a729a9c0e4a83617a3dc5e06f660

Analysis

max time kernel
91s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
01/06/2024, 02:29

Target

c776215b1a1a5e4428dd76efd28578d1c0e6a729a9c0e4a83617a3dc5e06f660.dll
Size

56KB
MD5

cb9fe75997ed9eb1750e82de87c2c3d2
SHA1

811bd7c24e3c275e83d1ca7111349a27571ca5d8
SHA256

c776215b1a1a5e4428dd76efd28578d1c0e6a729a9c0e4a83617a3dc5e06f660
SHA512

3a555f06720d7596d3e773c1d44c90e7a3c3c1cea6c7223e3a2e60cd83e9f189210535f2477ecf227b80241d06b053615d7b7ecd89e08dc015dee97640fbdb4f
SSDEEP

768:2MEyU2joCXwPaPOZxZ6pRb0x5sOV4YklKq:oyUuAC6xopRbIuY2

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2156	3572	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3844 wrote to memory of 3572	3844	rundll32.exe	82
PID 3844 wrote to memory of 3572	3844	rundll32.exe	82
PID 3844 wrote to memory of 3572	3844	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c776215b1a1a5e4428dd76efd28578d1c0e6a729a9c0e4a83617a3dc5e06f660.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3844
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c776215b1a1a5e4428dd76efd28578d1c0e6a729a9c0e4a83617a3dc5e06f660.dll,#1
  2⤵
  PID:3572
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 560
    3⤵
    - Program crash
    PID:2156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3572 -ip 3572
1⤵
PID:2196