228fdcecdf9021628fd02f48f1c5ff9cccff2cfc89ef3662b714d442b3df75f7

Analysis

max time kernel
139s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
20/07/2024, 19:18

Target

0893a1edf6215a43fde5a90d5a028cf0N.dll
Size

177KB
MD5

0893a1edf6215a43fde5a90d5a028cf0
SHA1

46ab2076bd6394bace7c33a93c3f4a402df2e7e8
SHA256

228fdcecdf9021628fd02f48f1c5ff9cccff2cfc89ef3662b714d442b3df75f7
SHA512

5a7c9485b8a27b0516ed94fb491f9895ef4be4b2b2af0467764101047d0f1425729bfa39b303a7f22912fab431312965d524f8bb13252a748e1da4139d1cc5c0
SSDEEP

3072:O6c6qAB5CFdzxNhg2JowONfYRbSwUaq55oYCmoD3ihpID1IQXBJkCcCu45PD:+UedNNhg2d2bqihpIJkx45

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3152	3208	WerFault.exe	84

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3616 wrote to memory of 3208	3616	rundll32.exe	84
PID 3616 wrote to memory of 3208	3616	rundll32.exe	84
PID 3616 wrote to memory of 3208	3616	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0893a1edf6215a43fde5a90d5a028cf0N.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3616
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0893a1edf6215a43fde5a90d5a028cf0N.dll,#1
  2⤵
  PID:3208
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 620
    3⤵
    - Program crash
    PID:3152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3208 -ip 3208
1⤵
PID:3604

memory/3208-0-0x00000000757BD000-0x00000000757E0000-memory.dmp

Filesize
140KB

Download
memory/3208-1-0x00000000757BD000-0x00000000757E0000-memory.dmp

Filesize
140KB

Download