f22add3c554bbfcf03b1b6fc0f9fcf22e266ca55cedaadefcd83faa7b6617f33

Analysis

max time kernel
135s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
11/04/2023, 10:57

Target

Osiris.dll
Size

1.4MB
MD5

fecbbaca02007e5cbfe72d1dcc80eb6a
SHA1

8dfb3db90615ff8169d94587ced93ca782d7576d
SHA256

f22add3c554bbfcf03b1b6fc0f9fcf22e266ca55cedaadefcd83faa7b6617f33
SHA512

6669e25ef61fe207dd7052ff844c1e92bbf761208afdee6550f14451f242fecc48cb7115ed6fd98b57c412a0679fc5e9e7c482df7ba247e4caab8c8d7cd00380
SSDEEP

24576:d9OruDp1bMrr6DnUPZbXgRLhFYw7DrvRL3BYcge8wMOP3f9g:d9JyZADYcgeT73f9g

Score

3^/10

Program crash 2 IoCs

pid	pid_target	Process	procid_target
4840	3404	WerFault.exe	82
3684	3404	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4528 wrote to memory of 3404	4528	rundll32.exe	82
PID 4528 wrote to memory of 3404	4528	rundll32.exe	82
PID 4528 wrote to memory of 3404	4528	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Osiris.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4528
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\Osiris.dll,#1
  2⤵
  PID:3404
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 556
    3⤵
    - Program crash
    PID:4840
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 852
    3⤵
    - Program crash
    PID:3684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 3404 -ip 3404
1⤵
PID:4176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 3404 -ip 3404
1⤵
PID:1308