8c5977a93001297bb5c08cc6493d4b0c0c25bb7f394378d6bde8e508a3d85bc4

Resubmissions

21-03-2023 19:47

21-03-2023 17:44

max time kernel
892s
max time network
901s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
21-03-2023 19:47

Target

OneLaunch\5.3.5\chromium\libGLESv2.dll
Size

5.2MB
MD5

066d1c8147972e194c19e61fcfbc64f4
SHA1

fe78e6f639d62484baea4f4ba0b28541ade0cf52
SHA256

107decd6daa4c91ff8a22f4f250db201bc0b8653297b6bd04f0b2b3419834453
SHA512

b2973dc4a0a930096657f899e24729b962913cff050997c064cd209d7083105baed75c6221b9fd4c83042c71964ce0ec83ed10efc8888868cbd81c862c8e0bb0
SSDEEP

98304:BsdBzuQq86fv0CvWyvImrYvmzu1VXKC1D35DoOj:oUQqB/WyAmsvma1VXzZj

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2024 2044 WerFault.exe rundll32.exe

pid	pid_target	process	target process
2024	2044	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 11 IoCs

Processes:

rundll32.exerundll32.exe

description	pid	process	target process
PID 2032 wrote to memory of 2044	2032	rundll32.exe	rundll32.exe
PID 2032 wrote to memory of 2044	2032	rundll32.exe	rundll32.exe
PID 2032 wrote to memory of 2044	2032	rundll32.exe	rundll32.exe
PID 2032 wrote to memory of 2044	2032	rundll32.exe	rundll32.exe
PID 2032 wrote to memory of 2044	2032	rundll32.exe	rundll32.exe
PID 2032 wrote to memory of 2044	2032	rundll32.exe	rundll32.exe
PID 2032 wrote to memory of 2044	2032	rundll32.exe	rundll32.exe
PID 2044 wrote to memory of 2024	2044	rundll32.exe	WerFault.exe
PID 2044 wrote to memory of 2024	2044	rundll32.exe	WerFault.exe
PID 2044 wrote to memory of 2024	2044	rundll32.exe	WerFault.exe
PID 2044 wrote to memory of 2024	2044	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\OneLaunch\5.3.5\chromium\libGLESv2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2032

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\OneLaunch\5.3.5\chromium\libGLESv2.dll,#1
2⤵
- Suspicious use of WriteProcessMemory
PID:2044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 224
3⤵
- Program crash
PID:2024