ed097795acee8f6fce5f80e71d2ed3cf6e27cbb3203673b6c1fc034bd3cee538

Analysis

max time kernel
345s
max time network
349s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
21-01-2023 16:54

Target

BitcoinFakeTransaction/libEGL.dll
Size

370KB
MD5

31611ee5ec79234e559d8ef4a045b31f
SHA1

2e0b682433fa3c5ee88a55a4b1e0cdeaf72a1efc
SHA256

316b25ddca2c1035e8f599041480659374caf2b3fc8e3e4a3a8434024bd496e7
SHA512

a1df2246af7f0f6e2cefc39174be870f23139b87b14b658cd6f267eacdd6936ff4f4ac6bd1071ca7bb2c4395db920dbd718812b1c524c0ac3bdef760833bde43
SSDEEP

6144:pj0Aq7pjRaVlgZrNJserEW848VvGy1+Gew8YUo/9Jctrp2:pj0F7p4lgZZJsmbk+Gew8cM2

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1312 1708 WerFault.exe rundll32.exe

pid	pid_target	process	target process
1312	1708	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1708 wrote to memory of 1312	1708	rundll32.exe	WerFault.exe
PID 1708 wrote to memory of 1312	1708	rundll32.exe	WerFault.exe
PID 1708 wrote to memory of 1312	1708	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\BitcoinFakeTransaction\libEGL.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1708
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1708 -s 84
  2⤵
  - Program crash
  PID:1312