a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

Analysis

max time kernel
31s
max time network
34s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
17-03-2023 10:03

Target

gmpopenh264.dll
Size

997KB
MD5

fe3355639648c417e8307c6d051e3e37
SHA1

f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256

1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512

8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c
SSDEEP

12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2040	1928	WerFault.exe	22

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1928 wrote to memory of 2040	1928	rundll32.exe	28
PID 1928 wrote to memory of 2040	1928	rundll32.exe	28
PID 1928 wrote to memory of 2040	1928	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\gmpopenh264.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1928
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1928 -s 84
  2⤵
  - Program crash
  PID:2040