dffba1a6d8af06dc40d138e40ae4d71b3a864b34aeca145ce11f70b32377cd31

Analysis

max time kernel
51s
max time network
52s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
14/06/2024, 05:06

Target

dffba1a6d8af06dc40d138e40ae4d71b3a864b34aeca145ce11f70b32377cd31.dll
Size

68KB
MD5

0ea2b772f1ac88e0d461619d9788ecfc
SHA1

bac0a23674bdb95fef51874d8fc2e48e0869e0ef
SHA256

dffba1a6d8af06dc40d138e40ae4d71b3a864b34aeca145ce11f70b32377cd31
SHA512

5bef0a26753f0f84d99f39bed87bab43e6302bf7c1e11703a6ce3b0b09d890400d925cb3a0a2c7290d85305ff9ec459c4e73413d9f6478b96343f49b03f8c50b
SSDEEP

768:W/YqzDykzJmC0bmDqcaZMMJmcdZ0vxoog:W/Yqz1zimjaZZJ/MKo

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4308	4752	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4048 wrote to memory of 4752	4048	rundll32.exe	82
PID 4048 wrote to memory of 4752	4048	rundll32.exe	82
PID 4048 wrote to memory of 4752	4048	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\dffba1a6d8af06dc40d138e40ae4d71b3a864b34aeca145ce11f70b32377cd31.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4048
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\dffba1a6d8af06dc40d138e40ae4d71b3a864b34aeca145ce11f70b32377cd31.dll,#1
  2⤵
  PID:4752
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4752 -s 560
    3⤵
    - Program crash
    PID:4308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 4752 -ip 4752
1⤵
PID:2004