59184a7156e5b53f141f0d3d6deaee71a45e861e03607fd7dc0e1c8299628edd

Resubmissions

27/12/2022, 11:33

27/12/2022, 11:22

max time kernel
92s
max time network
67s
platform
windows10-1703_x64
resource
win10-20220901-en
resource tags

arch:x64arch:x86image:win10-20220901-enlocale:en-usos:windows10-1703-x64system
submitted
27/12/2022, 11:33

Target

59184a7156e5b53f141f0d3d6deaee71a45e861e03607fd7dc0e1c8299628edd.dll
Size

275KB
MD5

367761c64b0c817d2aaf5b505e6e6397
SHA1

4fa32c6aaa0fdbb9d5c8f6c851c6056ddfc83686
SHA256

59184a7156e5b53f141f0d3d6deaee71a45e861e03607fd7dc0e1c8299628edd
SHA512

cbcee201976c4005ffe2b81bc685707cfe7a98c132e72a9da195e03e13f1e54ea0f77e1b700e1954cc3fef45e23606a6e95f04387adfb0dc458cecf8ff499375
SSDEEP

6144:Xqa0yp2RGnhCURSzWGO+JWv41HJG8bRtmWKlUv:XqGfCURGWGlJu41Hw8nKM

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3276	2700	WerFault.exe	37

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4136 wrote to memory of 3256	4136	cmd.exe	72
PID 4136 wrote to memory of 3256	4136	cmd.exe	72

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\59184a7156e5b53f141f0d3d6deaee71a45e861e03607fd7dc0e1c8299628edd.dll,#1
1⤵
PID:2700
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2700 -s 252
  2⤵
  - Program crash
  PID:3276

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5076

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4136
- C:\Windows\system32\rundll32.exe
  rundll32.exe 59184a7156e5b53f141f0d3d6deaee71a45e861e03607fd7dc0e1c8299628edd.dll, PluginInit
  2⤵
  PID:3256