c7a74e51044e62ab518f212afb21d7fbe6ad6cc428868ebb8729e754bd8b0b10

Analysis

max time kernel
92s
max time network
94s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
22/07/2024, 05:25

Target

Wave/d3dcompiler_47.dll
Size

3.9MB
MD5

3b4647bcb9feb591c2c05d1a606ed988
SHA1

b42c59f96fb069fd49009dfd94550a7764e6c97c
SHA256

35773c397036b368c1e75d4e0d62c36d98139ebe74e42c1ff7be71c6b5a19fd7
SHA512

00cd443b36f53985212ac43b44f56c18bf70e25119bbf9c59d05e2358ff45254b957f1ec63fc70fb57b1726fd8f76ccfad8103c67454b817a4f183f9122e3f50
SSDEEP

49152:OS7PQ+besnXqRtHKzhwSsz6Ku1FVVOsLQuouM0MeAD36FqxLfeIgSNwLTzHiU2Ir:O4PhqqFVUsLQl6FqVCLTzHxJIMd

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1608	4636	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2804 wrote to memory of 4636	2804	rundll32.exe	82
PID 2804 wrote to memory of 4636	2804	rundll32.exe	82
PID 2804 wrote to memory of 4636	2804	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Wave\d3dcompiler_47.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2804
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\Wave\d3dcompiler_47.dll,#1
  2⤵
  PID:4636
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4636 -s 468
    3⤵
    - Program crash
    PID:1608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4636 -ip 4636
1⤵
PID:3768