80977154983b789a6b11ffa27bec8938b3a04754598ff4990daddb42b1c7a8cf

Analysis

max time kernel
92s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28-06-2024 10:25

Target

80977154983b789a6b11ffa27bec8938b3a04754598ff4990daddb42b1c7a8cf.dll
Size

242KB
MD5

147d2008d5152c7efcac9fea16cad4a3
SHA1

9eda9cacafd8109b1208fd3812e4dc31622728dd
SHA256

80977154983b789a6b11ffa27bec8938b3a04754598ff4990daddb42b1c7a8cf
SHA512

6522507c7293c1733a5779275296806d42d180bd2f1fb742ecd202f1fc360c27b6cdb8a411e2860920b555d3598af29b82a94df8b25a152c91a9f7fc30cb83d6
SSDEEP

3072:1mkH4V2aLdAJJ5WcZW4TH25KXs8o66yWpQJU6fUzpqtcWGQT0Jkegj9Uwb549Xbu:Ykvae5Wck4CAal6U6MzJk7j1iaRH

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

400 5108 WerFault.exe rundll32.exe

pid	pid_target	process	target process
400	5108	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3080 wrote to memory of 5108	3080	rundll32.exe	rundll32.exe
PID 3080 wrote to memory of 5108	3080	rundll32.exe	rundll32.exe
PID 3080 wrote to memory of 5108	3080	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\80977154983b789a6b11ffa27bec8938b3a04754598ff4990daddb42b1c7a8cf.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3080

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\80977154983b789a6b11ffa27bec8938b3a04754598ff4990daddb42b1c7a8cf.dll,#1
2⤵
PID:5108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5108 -s 632
3⤵
- Program crash
PID:400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5108 -ip 5108
1⤵
PID:3816