8c5977a93001297bb5c08cc6493d4b0c0c25bb7f394378d6bde8e508a3d85bc4

Resubmissions

21-03-2023 19:47

21-03-2023 17:44

max time kernel
966s
max time network
975s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
21-03-2023 19:47

Target

OneLaunch\5.3.5\chromium\d3dcompiler_47.dll
Size

3.5MB
MD5

cd8a3be4d5871171fd0b107132d97be8
SHA1

415258c10477a49d0c046a12123ff7abe957612e
SHA256

4a62063a3c7efcf0faa3800a93fcd26728ef753d3b83bc919c12cebfb582f0f0
SHA512

4acb09bf0c4c8e704fa6e2a20d98c5ff17ef77fc30b8c86b975f5aff8d6448c6e521588106b7810a2c0ab4c5af63519821da590830b37cf2faec380c8ae9e2af
SSDEEP

49152:grToHAsisjBFjJMLhHELxJm8ZU8W/GKa5Z535TMpiUAFzxkF+cD1gbqCG7jHbOkV:g2ZOb8W/GVhUAFzxSyNFy9AQ

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

3108 988 WerFault.exe rundll32.exe

pid	pid_target	process	target process
3108	988	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1284 wrote to memory of 988	1284	rundll32.exe	rundll32.exe
PID 1284 wrote to memory of 988	1284	rundll32.exe	rundll32.exe
PID 1284 wrote to memory of 988	1284	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\OneLaunch\5.3.5\chromium\d3dcompiler_47.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1284

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\OneLaunch\5.3.5\chromium\d3dcompiler_47.dll,#1
2⤵
PID:988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 988 -s 620
3⤵
- Program crash
PID:3108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 988 -ip 988
1⤵
PID:4432