184238497be5068f3544229b2d294552e4891248fc17468c85c2887118cea305

Analysis

max time kernel
1614s
max time network
1619s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
24/04/2023, 13:08

Target

Evon/runtimes/win-x64/native/WebView2Loader.dll
Size

134KB
MD5

3d9b43a2c4cd54902f418f5a0f68454e
SHA1

244ef7c672659d4201b38e288f16e29e52ffbe4b
SHA256

398067e286fba58e3ea2e5aaace0e17b17367fcbe8f6087ed10817737aefbc12
SHA512

d8802ed37324c9c1f9c81fde5ff1e964fceeaf30ea42b35eda621f9c9bdf46dfd811945595e219619557521446b29423d0b2cd7276d074fd88a1fd2095c48e1f
SSDEEP

3072:Q1Ua32yCHjjTrxvJ7KP+6hJug3esZTEEtnDzUwsramu86n:omyCDj31JGW6fCEt0Tir

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1508	1588	WerFault.exe	14

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1588 wrote to memory of 1508	1588	rundll32.exe	26
PID 1588 wrote to memory of 1508	1588	rundll32.exe	26
PID 1588 wrote to memory of 1508	1588	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Evon\runtimes\win-x64\native\WebView2Loader.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1588
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1588 -s 84
  2⤵
  - Program crash
  PID:1508