2911bdd99140387cbc8761826aacc3c9de0ccb511255aa58790955d8337e2edf

Resubmissions

18/11/2022, 10:31 UTC

18/11/2022, 01:25 UTC

max time kernel
30s
max time network
33s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
18/11/2022, 01:25 UTC

Target

UkBuGFiaRxAAfl.dll
Size

970KB
MD5

a779d5cf3fa450bdf0f540054861ba62
SHA1

4fe25852f69640e87e240b5e4bc46fdfc76782c7
SHA256

2911bdd99140387cbc8761826aacc3c9de0ccb511255aa58790955d8337e2edf
SHA512

1db51d312dfa647038d2c0c9afbd11852b4bdb177a07894f84db04d3547a3d06257900c597f9bb514bfcdcfd027fbcbe22552dbf73262f8f6e30920025ea3f50
SSDEEP

12288:ZZ33fS04yxlif6aS8dqJJzkvyo4w9faJ+1NEDeX4d8FWkPQz8028ez+R7Fnjmz2q:ZZ33agIddqFY9CJ+1V4oWdY8ec7BjI4

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1728	1204	WerFault.exe	16

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1204 wrote to memory of 1728	1204	rundll32.exe	28
PID 1204 wrote to memory of 1728	1204	rundll32.exe	28
PID 1204 wrote to memory of 1728	1204	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\UkBuGFiaRxAAfl.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1204
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1204 -s 84
  2⤵
  - Program crash
  PID:1728