7ee8f22c98aa12fd857957b213a700b35b3b57522e17d0b584455d08d7cdca4c

Analysis

max time kernel
92s
max time network
329s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
11/09/2022, 10:17

Target

Lumion 12 Pro/donut/ffmpegsumo.dll
Size

963KB
MD5

8d6c1353081a166c15ab31ee83906c8e
SHA1

40283ef8b4343553ecf0e6e8aa4170081467bffc
SHA256

564ad57d50ffe96efd0b274a8faf94fe578819405abfc26e2d3d8d092bb465f5
SHA512

2a9737b940d330285c7040cb3e7753f33a4083f0a8a1ec3e487a9ada312f986115ca51a538abe256a735b680a19f410907bf00e2d70638706764bf2a7d52bd04
SSDEEP

12288:shP1NwYxY4gGZF1xdFNT1Ygx+iP/U7Okow2p4mDJbWYmlna7MlPM+fCI1MIx1oU8:s9gkjxdFNT1YC+UEHowA4mdb/AM+3P

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3032	1644	WerFault.exe	80

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2160 wrote to memory of 1644	2160	rundll32.exe	80
PID 2160 wrote to memory of 1644	2160	rundll32.exe	80
PID 2160 wrote to memory of 1644	2160	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Lumion 12 Pro\donut\ffmpegsumo.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2160
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Lumion 12 Pro\donut\ffmpegsumo.dll",#1
  2⤵
  PID:1644
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 620
    3⤵
    - Program crash
    PID:3032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1644 -ip 1644
1⤵
PID:3788