b53b9796303fb2d0969dd2bf5175e6f383d0689084d2a9b43037b9dbc1298748

Analysis

max time kernel
152s
max time network
35s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
16/04/2023, 19:12

Target

Yagami 1.0/Qt5Widgets.dll
Size

6.1MB
MD5

dc4c46ae3135ef9a490a8d4e3d93fc24
SHA1

46e5243b1f07f91a4c2e5be29e69b5936e951ed4
SHA256

92496e05042ec28e54eca839d0438bfe57ce3ff0a1a6579a9bb81aebe23af32a
SHA512

2079dcc289b815fdf5815e0e6d93e1d6910db126bd2befc1f585190e7cb43e7fdc056c22eb9e442c80b02439a44db0d2a7d49d9965f625e23641e6479c8020f0
SSDEEP

98304:rW25ZgW8nM/b2lLtuPfKoETZGZlNAVd/b6S2/fyQ7M1JRpM6/dNTqAg4SmpH1KJJ:VeLtjmm4M/LT3Nz/K

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1700	2000	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1168 wrote to memory of 2000	1168	rundll32.exe	28
PID 1168 wrote to memory of 2000	1168	rundll32.exe	28
PID 1168 wrote to memory of 2000	1168	rundll32.exe	28
PID 1168 wrote to memory of 2000	1168	rundll32.exe	28
PID 1168 wrote to memory of 2000	1168	rundll32.exe	28
PID 1168 wrote to memory of 2000	1168	rundll32.exe	28
PID 1168 wrote to memory of 2000	1168	rundll32.exe	28
PID 2000 wrote to memory of 1700	2000	rundll32.exe	29
PID 2000 wrote to memory of 1700	2000	rundll32.exe	29
PID 2000 wrote to memory of 1700	2000	rundll32.exe	29
PID 2000 wrote to memory of 1700	2000	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Yagami 1.0\Qt5Widgets.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1168
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Yagami 1.0\Qt5Widgets.dll",#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2000
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 244
    3⤵
    - Program crash
    PID:1700

memory/2000-54-0x0000000001FE0000-0x00000000025D6000-memory.dmp

Filesize
6.0MB

Download
memory/2000-56-0x0000000001FE0000-0x00000000025D6000-memory.dmp

Filesize
6.0MB

Download
memory/2000-58-0x0000000061FC0000-0x00000000625D5000-memory.dmp

Filesize
6.1MB

Download
memory/2000-59-0x000000006EB40000-0x000000006EB64000-memory.dmp

Filesize
144KB

Download
memory/2000-60-0x0000000064B40000-0x0000000064B5B000-memory.dmp

Filesize
108KB

Download
memory/2000-61-0x000000006FE40000-0x000000006FFBE000-memory.dmp

Filesize
1.5MB

Download
memory/2000-62-0x0000000068A80000-0x0000000069044000-memory.dmp

Filesize
5.8MB

Download
memory/2000-63-0x0000000001FE0000-0x00000000025D6000-memory.dmp

Filesize
6.0MB

Download