cbeb0e623dcbda0b9dd3154c8effb5f080246f523cf68a7afeae54f2acec25da

Analysis

max time kernel
429s
max time network
430s
platform
windows10-2004_x64
resource
win10v2004-20240708-en
resource tags

arch:x64arch:x86image:win10v2004-20240708-enlocale:en-usos:windows10-2004-x64system
submitted
09/07/2024, 01:32

Target

api-ms-win-core-datetime-l1-1-1.dll
Size

12KB
MD5

0e1ea6efc5c6824c0b0d55ef5b670dec
SHA1

589b957ac3bcea9327d75af4b07cb0e8bd158fe5
SHA256

7511280e57c23aeea9926476c3fc34da92b7dd261aabc4cd092ed4c9c4869a0d
SHA512

b2472aefc6eff582905e2d1f95394b3ef687f3041bde07b3be82851402e9265e52a7396e7bba8b7e3a1427563b92d5d0608ed7d93038107e7da9e7b5ff08738b
SSDEEP

192:aWZhWtcBRpSDBQABJSXq21eX01k9z3Az7+9t/HjQib:aWZhWuMDBRJSXl8R9ziARHEib

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3624	3648	WerFault.exe	81

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3332 wrote to memory of 3648	3332	rundll32.exe	81
PID 3332 wrote to memory of 3648	3332	rundll32.exe	81
PID 3332 wrote to memory of 3648	3332	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\api-ms-win-core-datetime-l1-1-1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3332
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\api-ms-win-core-datetime-l1-1-1.dll,#1
  2⤵
  PID:3648
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3648 -s 600
    3⤵
    - Program crash
    PID:3624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3648 -ip 3648
1⤵
PID:3048