a488eae2884937cf51ac2e483d55977eab3f3a3bdbe2fbf892d39b4168569a68

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
20-06-2024 01:26

Target

a488eae2884937cf51ac2e483d55977eab3f3a3bdbe2fbf892d39b4168569a68.dll
Size

80KB
MD5

22a69c4b7f24d66a5cb9508a671237a7
SHA1

22a9820f8e95bba92d50738bbef69a089708b261
SHA256

a488eae2884937cf51ac2e483d55977eab3f3a3bdbe2fbf892d39b4168569a68
SHA512

a04138666a3ef431e9bc9a60e29716b1e308727d94ef6501896f2cccc25b580890674d721b6bc46589515e0d4eb8d2c67fbad9ca1b3c2c916d267713b7242da1
SSDEEP

768:CmRYp1o49NLh08wd3SIQCjGwHqHZKimfDNexCR2TF7RuIT0DIOlIOCnToIf1PKey:k170awKu5epADIOlIOCnToIfny

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2148	4480	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 920 wrote to memory of 4480	920	rundll32.exe	82
PID 920 wrote to memory of 4480	920	rundll32.exe	82
PID 920 wrote to memory of 4480	920	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a488eae2884937cf51ac2e483d55977eab3f3a3bdbe2fbf892d39b4168569a68.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:920
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a488eae2884937cf51ac2e483d55977eab3f3a3bdbe2fbf892d39b4168569a68.dll,#1
  2⤵
  PID:4480
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4480 -s 604
    3⤵
    - Program crash
    PID:2148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4480 -ip 4480
1⤵
PID:1512