ca1906c0038d784d0ae122797eb5a2c359aeabd142efa34f709c229bec4cd3cc

Analysis

max time kernel
23s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
31-10-2022 05:03

Target

L2Server/GGauth70.dll
Size

111KB
MD5

08e77144afb763a659c9350a7dc1c7b3
SHA1

9e01ed7633f1b311546c01799bf21dbafcb67767
SHA256

c4a81a32a4d39829057d66fdfa8dd40bc24c30b9ce287d0727cb4c0e82e6ea93
SHA512

acecd1a7d1a362509933834c073f9850253f3c7ed14daec5ffdbd1fee2a618fffbe2c1c8365c228031feb3bd784c2f2746e5dc870fbc17ca7caa84b7cfd1e552
SSDEEP

1536:67MzvhXY4EbVCOBJFHsdSYEMEXjIUqR9AAeTnzxEPRd/PzxD/sTIi50Cd1JA87E9:gqXdEbMGHsdS8iE87EgcqDDyr4oP

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1352	1404	WerFault.exe	25

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1404 wrote to memory of 1352	1404	rundll32.exe	26
PID 1404 wrote to memory of 1352	1404	rundll32.exe	26
PID 1404 wrote to memory of 1352	1404	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\L2Server\GGauth70.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1404
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1404 -s 84
  2⤵
  - Program crash
  PID:1352