d2f024ad19b8ada353f6459d3ac54529b045d4fadab880fcaa0813f4bfd617bc

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
07-04-2023 12:31

Target

DarkTrack+Alien+4.1/DarkTrack Alien 4.1/sqlite3.dll
Size

245KB
MD5

a2eba4b5199074dbe91fae77e1050d8a
SHA1

f144c5e64068eaa923d9244c134681e418148077
SHA256

629fd65a87d6d08503e45348ecc7c337f4921f35e47356e8fab6f3007039c280
SHA512

917032c8ee533c46876ae43b6dd7a85f03293eda67c1710685bb07fbe12d2300742f53c024d81905b199061453950a5238856cf498b97cc83314debb35ac1a40
SSDEEP

6144:t6n+TCgWV8ZC0YeCiR6HKJzgv1/DiF4nqinO:w+T7oMYeCiR6HKJ8No

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1604 4992 WerFault.exe rundll32.exe

pid	pid_target	process	target process
1604	4992	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 5044 wrote to memory of 4992	5044	rundll32.exe	rundll32.exe
PID 5044 wrote to memory of 4992	5044	rundll32.exe	rundll32.exe
PID 5044 wrote to memory of 4992	5044	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\DarkTrack+Alien+4.1\DarkTrack Alien 4.1\sqlite3.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5044

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\DarkTrack+Alien+4.1\DarkTrack Alien 4.1\sqlite3.dll",#1
2⤵
PID:4992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4992 -s 600
3⤵
- Program crash
PID:1604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4992 -ip 4992
1⤵
PID:3564

memory/4992-133-0x0000000060900000-0x0000000060942000-memory.dmp

Filesize
264KB

Download