3b77c4e658b5e7b2726f849fe81d2e7d75932a524363e323dbdb40659367312a

Analysis

max time kernel
43s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
12-09-2022 13:12

Target

人肉一件套/QQip/ipdbhlp.dll
Size

68KB
MD5

08a5d46a12b1e33e9782034ee8c1c024
SHA1

5636e3615022b53ff8549dcdddfc6779719e272c
SHA256

3023c21f584c605ea3bfe9d8ad0a545b666ff9c5b30d491835e862cd559f781a
SHA512

c76ec36310c01c264b64b0cb1a7f42e7a8c0e8449dade5583e4a4f4bb42af5460e5aa214666e81cc3b3455e4efe4c68ed28a9d2be224180b8b2e812e0dc0e9d7
SSDEEP

1536:Vb/ltB5Qh3nI9T3Gz7ppoUM46bfnbntlo:Vb/J5i3nI8P44Ovbntlo

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
900	1628	WerFault.exe	27

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1996 wrote to memory of 1628	1996	rundll32.exe	27
PID 1996 wrote to memory of 1628	1996	rundll32.exe	27
PID 1996 wrote to memory of 1628	1996	rundll32.exe	27
PID 1996 wrote to memory of 1628	1996	rundll32.exe	27
PID 1996 wrote to memory of 1628	1996	rundll32.exe	27
PID 1996 wrote to memory of 1628	1996	rundll32.exe	27
PID 1996 wrote to memory of 1628	1996	rundll32.exe	27
PID 1628 wrote to memory of 900	1628	rundll32.exe	28
PID 1628 wrote to memory of 900	1628	rundll32.exe	28
PID 1628 wrote to memory of 900	1628	rundll32.exe	28
PID 1628 wrote to memory of 900	1628	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\人肉一件套\QQip\ipdbhlp.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1996
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\人肉一件套\QQip\ipdbhlp.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1628
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 228
    3⤵
    - Program crash
    PID:900

memory/1628-55-0x00000000760E1000-0x00000000760E3000-memory.dmp

Filesize
8KB

Download