bced812112439dc85b04747045a0a19ee4b6d9f9ca0b378390e41379ffdb9f9d

Analysis

max time kernel
233s
max time network
297s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
11-04-2023 12:11

Target

PvZ_Tools_v2.7.3/Qt5Network.dll
Size

827KB
MD5

a16cf5a0b8723f885e946d0f6e07acdd
SHA1

eb4f4d0b8eef78da01e04134d411e2ab24b35466
SHA256

f4bd456f2764cc7b14eb1126d5eb222019c6d57ebf6046ea88aeb675e5dd577c
SHA512

457911af9900f05eaafa3d0d470d9bae7df455fc65b015cb6ce6e9ec0d08bdb1bf7653682dbd5ffedf788a493d55a20f2acc3e03778cf8b0a3a3751e65698a5d
SSDEEP

12288:dfEa/df6CSD2OjO2fTNitHjmuUHcI240XLWXV4I0ns4mYYLeqK:RE0GlL0HlIokVF4EL0

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

3480 2480 WerFault.exe rundll32.exe

pid	pid_target	process	target process
3480	2480	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4100 wrote to memory of 2480	4100	rundll32.exe	rundll32.exe
PID 4100 wrote to memory of 2480	4100	rundll32.exe	rundll32.exe
PID 4100 wrote to memory of 2480	4100	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\PvZ_Tools_v2.7.3\Qt5Network.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4100

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\PvZ_Tools_v2.7.3\Qt5Network.dll,#1
2⤵
PID:2480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 716
3⤵
- Program crash
PID:3480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 2480 -ip 2480
1⤵
PID:1608