031094100c0450c6680cf0debb4830f9e62d9853ce3f1b25581ddcecc8fac6b2

Resubmissions

26-12-2022 16:35

26-12-2022 13:17

max time kernel
90s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
26-12-2022 16:35

Target

RecentInformation/NeedChangeRules.dll
Size

817KB
MD5

0e2d5c8c4b7d0c79696deaf595e03ff4
SHA1

e80fc6fd663fb62da6e7977c2026bd922398c210
SHA256

a31afaffcaaf2daada6c7b89e55d204f6de94cd81df8f2a26f010d39dc3e8e6a
SHA512

32e68b2d701ea4ad0d648a728f2a2c648b8113f78b346360ecde4f136433dfb869b426f50e27795c062468ba6ec18d0306bea08b0a2b7f87cb193aec2871c4b8
SSDEEP

12288:JJGwvTfCMf8rVomRle7XBr4fi7wDqo4TARMhxMrFND648j4xhT6Wl:JY5rVtcsfi7wDP4TAR0sFN+Ux

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1340 4636 WerFault.exe rundll32.exe

pid	pid_target	process	target process
1340	4636	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4736 wrote to memory of 4636	4736	rundll32.exe	rundll32.exe
PID 4736 wrote to memory of 4636	4736	rundll32.exe	rundll32.exe
PID 4736 wrote to memory of 4636	4736	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\RecentInformation\NeedChangeRules.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4736

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\RecentInformation\NeedChangeRules.dll,#1
2⤵
PID:4636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4636 -s 612
3⤵
- Program crash
PID:1340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 204 -p 4636 -ip 4636
1⤵
PID:1688