07ca72bbaedbb178206f8b5d0c5635215e712b854217db93a66b518c5ee5b82c

Analysis

max time kernel
112s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
03-02-2023 18:12

Target

CONTROL VELOCIDAD INTERNET/Selfishnet win 7/Selfishnet win 7/WanPacket.dll
Size

64KB
MD5

f2a093e0118714900f077124b1daa52a
SHA1

f0b4f318e1a40488c447d1e411504f0fb064513a
SHA256

3d0099ed1b1913853e7c08e5fa6eb8168ca2dea2288db7177dbcb9bec8a6147c
SHA512

8b2157bd63d0be3687fd8af48b60d85ee41846f1cc4597ff42c33bd715cce550f6fcda1d85481de788c19be82b327ea42a231db9059144b1e53c70ae2764b182
SSDEEP

768:taKXWN0TIZbgY+bYu6sNwy6uUk92C8cOoVDAfGgXJpZhtbAVtDe:Q8WuTBduCwvG/bgdhtQtDe

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

4676 3768 WerFault.exe rundll32.exe

pid	pid_target	process	target process
4676	3768	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1484 wrote to memory of 3768	1484	rundll32.exe	rundll32.exe
PID 1484 wrote to memory of 3768	1484	rundll32.exe	rundll32.exe
PID 1484 wrote to memory of 3768	1484	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\CONTROL VELOCIDAD INTERNET\Selfishnet win 7\Selfishnet win 7\WanPacket.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1484

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\CONTROL VELOCIDAD INTERNET\Selfishnet win 7\Selfishnet win 7\WanPacket.dll",#1
2⤵
PID:3768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 632
3⤵
- Program crash
PID:4676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 3768 -ip 3768
1⤵
PID:3840