f216c50f1d670afa8f530f85d431580901914c3780b2b6a25fd4cdd0b4c6d8da

Analysis

max time kernel
134s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
14/05/2023, 17:43

Target

Project 64/Project64 1.6/Plugin/RSP.dll
Size

107KB
MD5

23706412ee7a8e7c2c2aa218f9258dd8
SHA1

67fab0e559f4068298b4ca8a682dd2e63be4ac07
SHA256

cdf1a04e877aa9ed57f9446b34a2bdf12cf263542bd461f6a4354d458721abf9
SHA512

b77e1ff74269c7c031bec751162e92305038192952d282e8853d37766f71db62b0dfb99ffcd1139fe866f7b1290a41804c279d7e06fc4718bb7c1c3e2c6404a8
SSDEEP

3072:7KK0XNyp96PTWaWeIZcDrO5FiLJO1U2VnxjFvupmulnGk:+XN+eiLIrSO2VxRvugq9

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1948	2032	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1548 wrote to memory of 2032	1548	rundll32.exe	82
PID 1548 wrote to memory of 2032	1548	rundll32.exe	82
PID 1548 wrote to memory of 2032	1548	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Project 64\Project64 1.6\Plugin\RSP.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1548
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Project 64\Project64 1.6\Plugin\RSP.dll",#1
  2⤵
  PID:2032
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 568
    3⤵
    - Program crash
    PID:1948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 2032 -ip 2032
1⤵
PID:2152

memory/2032-133-0x0000000010000000-0x0000000010047000-memory.dmp

Filesize
284KB

Download