a307816a648ad34876caeeee35aa76e616cc29bc177c84b2e07c55c83c43b510

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
04/10/2022, 10:42

Target

Win7-8-10 汉化版/QtCore4.dll
Size

2.5MB
MD5

694d268092399e15e053be5a0b072fa8
SHA1

cee950667401fbb96e1b2325dd9329a21d87ea19
SHA256

8fead904ffc4704b073a416e32e91040fb32253b1e8a660e0337833a76099583
SHA512

21a62680c1c3c6801c5faf13786a6e50eb1e00cdc5868fbb6400612e0154f6b217cac1486f7ab02f9ca4a8c3ade79713542d0771e70821d2b9740b0060d80332
SSDEEP

49152:VTFgiFpGXOENKSgjGPJsv6tWKFdu9C6TELyvL/6mShMZtmjNUVrciV5P+7QVg07/:V+iDaWjuJsv6tWKFdu9CZgfQ

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
688	1604	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1904 wrote to memory of 1604	1904	rundll32.exe	28
PID 1904 wrote to memory of 1604	1904	rundll32.exe	28
PID 1904 wrote to memory of 1604	1904	rundll32.exe	28
PID 1904 wrote to memory of 1604	1904	rundll32.exe	28
PID 1904 wrote to memory of 1604	1904	rundll32.exe	28
PID 1904 wrote to memory of 1604	1904	rundll32.exe	28
PID 1904 wrote to memory of 1604	1904	rundll32.exe	28
PID 1604 wrote to memory of 688	1604	rundll32.exe	29
PID 1604 wrote to memory of 688	1604	rundll32.exe	29
PID 1604 wrote to memory of 688	1604	rundll32.exe	29
PID 1604 wrote to memory of 688	1604	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Win7-8-10 汉化版\QtCore4.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1904
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Win7-8-10 汉化版\QtCore4.dll",#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1604
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 228
    3⤵
    - Program crash
    PID:688

memory/1604-55-0x0000000076DC1000-0x0000000076DC3000-memory.dmp

Filesize
8KB

Download