07ca72bbaedbb178206f8b5d0c5635215e712b854217db93a66b518c5ee5b82c

Analysis

max time kernel
112s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
03/02/2023, 18:12

Target

CONTROL VELOCIDAD INTERNET/Selfishnet win 7/Selfishnet win 7/WanPacket.dll
Size

64KB
MD5

f2a093e0118714900f077124b1daa52a
SHA1

f0b4f318e1a40488c447d1e411504f0fb064513a
SHA256

3d0099ed1b1913853e7c08e5fa6eb8168ca2dea2288db7177dbcb9bec8a6147c
SHA512

8b2157bd63d0be3687fd8af48b60d85ee41846f1cc4597ff42c33bd715cce550f6fcda1d85481de788c19be82b327ea42a231db9059144b1e53c70ae2764b182
SSDEEP

768:taKXWN0TIZbgY+bYu6sNwy6uUk92C8cOoVDAfGgXJpZhtbAVtDe:Q8WuTBduCwvG/bgdhtQtDe

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4676	3768	WerFault.exe	83

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1484 wrote to memory of 3768	1484	rundll32.exe	83
PID 1484 wrote to memory of 3768	1484	rundll32.exe	83
PID 1484 wrote to memory of 3768	1484	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\CONTROL VELOCIDAD INTERNET\Selfishnet win 7\Selfishnet win 7\WanPacket.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1484
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\CONTROL VELOCIDAD INTERNET\Selfishnet win 7\Selfishnet win 7\WanPacket.dll",#1
  2⤵
  PID:3768
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 632
    3⤵
    - Program crash
    PID:4676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 3768 -ip 3768
1⤵
PID:3840