d7dfa1cecb7a67884414e33168940138e79e97e176d481ccee5ccc0e70a6f5f3

Analysis

max time kernel
933s
max time network
939s
platform
windows10-2004_x64
resource
win10v2004-20220812-es
resource tags

arch:x64arch:x86image:win10v2004-20220812-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
02-02-2023 16:34

Target

MICROSOFT OFFICE 2021 JULIANTECNOLOGICO/MICROSOFT OFFICE 2021 PRO PLUS/files/x86/msvcr100.dll
Size

755KB
MD5

bf38660a9125935658cfa3e53fdc7d65
SHA1

0b51fb415ec89848f339f8989d323bea722bfd70
SHA256

60c06e0fa4449314da3a0a87c1a9d9577df99226f943637e06f61188e5862efa
SHA512

25f521ffe25a950d0f1a4de63b04cb62e2a3b0e72e7405799586913208bf8f8fa52aa34e96a9cc6ee47afcd41870f3aa0cd8289c53461d1b6e792d19b750c9a1
SSDEEP

12288:yMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BV0eAI:dmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV4I

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3876	2244	WerFault.exe	79

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2116 wrote to memory of 2244	2116	rundll32.exe	79
PID 2116 wrote to memory of 2244	2116	rundll32.exe	79
PID 2116 wrote to memory of 2244	2116	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\MICROSOFT OFFICE 2021 JULIANTECNOLOGICO\MICROSOFT OFFICE 2021 PRO PLUS\files\x86\msvcr100.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2116
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\MICROSOFT OFFICE 2021 JULIANTECNOLOGICO\MICROSOFT OFFICE 2021 PRO PLUS\files\x86\msvcr100.dll",#1
  2⤵
  PID:2244
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 604
    3⤵
    - Program crash
    PID:3876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 2244 -ip 2244
1⤵
PID:3688