38336ed96582b4cf87d9301341e4c10090d249aea39603a3bc9c73e7d1bf0634

Analysis

max time kernel
141s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
24/09/2022, 15:59

Target

Auto Macro Recorder 4.6.2.8(к+ر)/libcurl.dll
Size

348KB
MD5

4f3cd2dcdd4064c3253767871a305f2d
SHA1

af3150417df47a723dda3aeabfe2756f02a7152f
SHA256

da3d871fa1e81b6ce60a7ee497befb8ff53d4153b16667e64ad2519d0bf54818
SHA512

646ee811ea811dc7612f729e14ad8ba5b20d94522d5254671f4aed170466823a8c4c526f54c74a1f9505553df6e42092a7e9b34c87c91a96ef99094833f112a6
SSDEEP

6144:nw8/dQbjlMulY0IQ9FeFJNewAYVKBRsyK3Z1dlCueDnVYeXGkMLlEr8P3QO8pNN5:wvbBMulY0IQ9FeFWwAYVK/K3Z1dQ/hXZ

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2916	5096	WerFault.exe	85

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1356 wrote to memory of 5096	1356	rundll32.exe	85
PID 1356 wrote to memory of 5096	1356	rundll32.exe	85
PID 1356 wrote to memory of 5096	1356	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Auto Macro Recorder 4.6.2.8(к+ر)\libcurl.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1356
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Auto Macro Recorder 4.6.2.8(к+ر)\libcurl.dll",#1
  2⤵
  PID:5096
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5096 -s 644
    3⤵
    - Program crash
    PID:2916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 376 -p 5096 -ip 5096
1⤵
PID:4400

memory/5096-133-0x0000000002C80000-0x0000000002DBD000-memory.dmp

Filesize
1.2MB

Download
memory/5096-135-0x0000000002DC0000-0x0000000002E07000-memory.dmp

Filesize
284KB

Download