8c5977a93001297bb5c08cc6493d4b0c0c25bb7f394378d6bde8e508a3d85bc4

Resubmissions

21-03-2023 19:47

21-03-2023 17:44

max time kernel
962s
max time network
970s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
21-03-2023 19:47

Target

OneLaunch\5.3.5\chromium\chrome.dll
Size

141.4MB
MD5

2f0436796a1b18e42f0e6a11f1871bd7
SHA1

ac9f075f2020eb8b82279cadd963dc8f6a62c7b6
SHA256

2a708dd4cc28c189968dcb3c2100b6415eef6f7d4069f5a9ac207b41164b3502
SHA512

806a1cb360014d61e69c67ba44a252e2bf1c2e63e5180533229165c4645ec7a7ca5451012533fdd5c96038818ceddec4fcfbd68523eca4bbabe18303f38080fc
SSDEEP

1572864:n5P1JKirq5A5XoVDDph3EpNEQZp2TqEH26hUhMERyG+Pd1zAAxOMgdC9yoIFItl+:h37Z7kSN45FMqHe

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

3732 3644 WerFault.exe rundll32.exe

pid	pid_target	process	target process
3732	3644	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2024 wrote to memory of 3644	2024	rundll32.exe	rundll32.exe
PID 2024 wrote to memory of 3644	2024	rundll32.exe	rundll32.exe
PID 2024 wrote to memory of 3644	2024	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\OneLaunch\5.3.5\chromium\chrome.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2024

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\OneLaunch\5.3.5\chromium\chrome.dll,#1
2⤵
PID:3644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 736
3⤵
- Program crash
PID:3732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 3644 -ip 3644
1⤵
PID:4576