30b24ecfe47e9fca02e29c6029a694042e23ad6aff55c03544f741ff8ecb4a35

Analysis

max time kernel
105s
max time network
112s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
19-07-2024 21:12

Target

0b4b8aaa63a3c3671b7bf942041f5800N.dll
Size

118KB
MD5

0b4b8aaa63a3c3671b7bf942041f5800
SHA1

5b543cee626cc77e7aa3e202b7beb66b5150063e
SHA256

30b24ecfe47e9fca02e29c6029a694042e23ad6aff55c03544f741ff8ecb4a35
SHA512

159e626a1c85c9280234d816d5ca951ff3f9e7261f1ab7ce2dafebfecea3adfc642931196543380b6bd25cf24c6bce2c735cb50371e50b1e8507c94178075505
SSDEEP

3072:ECXRRuMC3w/h3IJTkFkR/x797tZv4lxysPzB1SrfC:ECXR1ZdkRZ7neKrfC

Score

3^/10

Program crash 2 IoCs

pid	pid_target	Process	procid_target
1760	3276	WerFault.exe	83
4876	3276	WerFault.exe	83

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2824 wrote to memory of 3276	2824	rundll32.exe	83
PID 2824 wrote to memory of 3276	2824	rundll32.exe	83
PID 2824 wrote to memory of 3276	2824	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0b4b8aaa63a3c3671b7bf942041f5800N.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2824
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0b4b8aaa63a3c3671b7bf942041f5800N.dll,#1
  2⤵
  PID:3276
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 540
    3⤵
    - Program crash
    PID:1760
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 588
    3⤵
    - Program crash
    PID:4876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 3276 -ip 3276
1⤵
PID:4364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 3276 -ip 3276
1⤵
PID:900