87e2f95b873020d7d15ece6f5d2a2be539415997413ff45a51b23d0cef197e4c

Analysis

max time kernel
135s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
02/05/2023, 00:37

Target

Widescreen HOR+ Support by Wesser/wshps.dll
Size

127KB
MD5

79d931ee3cfbe84b9025ce0c0e8cf744
SHA1

0b997a1f407cb3aa55cdd5206cbb3692d48accaa
SHA256

09d0c3f9d6e2619d85efe87b9a8564abecfa83526c39a8dd75933c2461b02075
SHA512

a2aa1903f3cfdab5f19120b185a000eacf6f58f54c820849e62cc55f4844257b57fe85d671ace7241e3539d46e35be96e7be85593c588b6b66ad3af0013c148e
SSDEEP

3072:y0vitq6mKOmfhcH6TpXTpqvpXB15/2Bb:y0viFOmpcH6B2xM

Score

3^/10

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2748	2788	WerFault.exe	82
2828	2788	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1344 wrote to memory of 2788	1344	rundll32.exe	82
PID 1344 wrote to memory of 2788	1344	rundll32.exe	82
PID 1344 wrote to memory of 2788	1344	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Widescreen HOR+ Support by Wesser\wshps.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1344
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Widescreen HOR+ Support by Wesser\wshps.dll",#1
  2⤵
  PID:2788
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 580
    3⤵
    - Program crash
    PID:2748
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 800
    3⤵
    - Program crash
    PID:2828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 2788 -ip 2788
1⤵
PID:2540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 2788 -ip 2788
1⤵
PID:4496