0994bacabba34499288c55d9568f4e73a2c5bef849fde42fc03052bf63948e57

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
18-09-2022 01:45

Target

xise/jsc.dll
Size

36KB
MD5

5cab78922b94fa154a0bd75ac4e6ca44
SHA1

0d98aa34abef8092dbd3547b8626cf191597a3b8
SHA256

a69c50195ebbd41e5fe11f98d59ebc81df736ddf0b0c8571bd9bb7d2642bd68f
SHA512

340174f974090de6698ee26661584629c1ef5e629eae789c6facf8aa5ddf162fead57d6a654660a936c02e9158416e842f55a898c8f4b0dda808b0a8ca4d50b9
SSDEEP

384:5UIBq7yFryaMI8nKWWpTU2gQdDuqMapK7a/CQgYJN6RlsnED3WyLOMDlQqDQs:mmaF5KJlVgwuqLmblsneJL75Es

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
916	1940	WerFault.exe	27

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1940	rundll32.exe
1940	rundll32.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1488 wrote to memory of 1940	1488	rundll32.exe	27
PID 1488 wrote to memory of 1940	1488	rundll32.exe	27
PID 1488 wrote to memory of 1940	1488	rundll32.exe	27
PID 1488 wrote to memory of 1940	1488	rundll32.exe	27
PID 1488 wrote to memory of 1940	1488	rundll32.exe	27
PID 1488 wrote to memory of 1940	1488	rundll32.exe	27
PID 1488 wrote to memory of 1940	1488	rundll32.exe	27
PID 1940 wrote to memory of 916	1940	rundll32.exe	28
PID 1940 wrote to memory of 916	1940	rundll32.exe	28
PID 1940 wrote to memory of 916	1940	rundll32.exe	28
PID 1940 wrote to memory of 916	1940	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\xise\jsc.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1488
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\xise\jsc.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1940
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 236
    3⤵
    - Program crash
    PID:916

memory/1940-55-0x0000000075DF1000-0x0000000075DF3000-memory.dmp

Filesize
8KB

Download
memory/1940-56-0x00000000000B0000-0x00000000000B9000-memory.dmp

Filesize
36KB

Download