8505c83167206b75f9b21bf02cb6aca0cecf769842221bed094b5677f879612e

Resubmissions

24-05-2023 12:03

max time kernel
31s
max time network
92s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
24-05-2023 12:03

Target

CraxRat V4 CRACK/LiveChartsCountries.dll
Size

59KB
MD5

740659d4411bcf877f27217a2710b874
SHA1

9df5c0d033e49026995e846fe27e1ab4955d43b1
SHA256

f6e951697226a85e8ad11578a20a0de8c1923afbc69dfce3f0e10ea823d54c1a
SHA512

96d810233dc40915d06c9adf6f49a62be8321a0ea6ace3c139922272dcf543e48b041b341694c126727e37e7a4ca1bd4ba7395ca18d998f629e87aa409c36b37
SSDEEP

1536:E3VBdmmdVR/GF3VZC/owI8bbS56VX1xPzSoE3xy:EFDht/GF3VZC/xdu6VlxPzhIxy

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2840	2316	WerFault.exe	67

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2248 wrote to memory of 2316	2248	rundll32.exe	67
PID 2248 wrote to memory of 2316	2248	rundll32.exe	67
PID 2248 wrote to memory of 2316	2248	rundll32.exe	67

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\CraxRat V4 CRACK\LiveChartsCountries.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2248
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\CraxRat V4 CRACK\LiveChartsCountries.dll",#1
  2⤵
  PID:2316
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 1016
    3⤵
    - Program crash
    PID:2840

memory/2316-123-0x0000000004EF0000-0x0000000004F08000-memory.dmp

Filesize
96KB

Download
memory/2316-124-0x0000000004C90000-0x0000000004CA0000-memory.dmp

Filesize
64KB

Download
memory/2316-127-0x0000000004C90000-0x0000000004CA0000-memory.dmp

Filesize
64KB

Download