88feaa6acdfd75de35b39c26b4f772f9f136ec0b9db74a3c7f4045653bda463b

Analysis

max time kernel
90s
max time network
204s
platform
windows10-2004_x64
resource
win10v2004-20240704-es
resource tags

arch:x64arch:x86image:win10v2004-20240704-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
09/07/2024, 02:14

Target

ExitLag/api-ms-win-core-namedpipe-l1-1-0.dll
Size

11KB
MD5

cbd531832e4bbc2598758fcdd26d906b
SHA1

edb08d7a0eaeeaa6ec522be44335979ec01b4966
SHA256

e6823ac1b005647d3d84eec7afa40b7436e83f13cc9d2c47a3f8e90914695153
SHA512

3dd42c24c9a3cc2b694a867a8e8125b08ea364d413eb53cfdce0fa60a106b78e9ea5ff0aa180412a70b57f672a4e68e1c6e1d88667f9da68e3d58ec4e61b71da
SSDEEP

192:9aW+NhWQT71ojDBQABJsofqnajxcRGlP6ZqBF+DR:IW+NhWVDBRJsofll7P6gBF+DR

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3660	4472	WerFault.exe	83

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3308 wrote to memory of 4472	3308	rundll32.exe	83
PID 3308 wrote to memory of 4472	3308	rundll32.exe	83
PID 3308 wrote to memory of 4472	3308	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ExitLag\api-ms-win-core-namedpipe-l1-1-0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3308
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ExitLag\api-ms-win-core-namedpipe-l1-1-0.dll,#1
  2⤵
  PID:4472
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4472 -s 600
    3⤵
    - Program crash
    PID:3660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4472 -ip 4472
1⤵
PID:2076