a6fbd3cbf15de8a9cecbdddf26c0e1ab5b00f2dc116a9e67f791befc7da2d60c

Analysis

max time kernel
141s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
19/07/2023, 13:53

Target

CRACK/no mega hack/libcurl.dll
Size

515KB
MD5

8b39e7ff6fc59522fcc15fbd2ea5d380
SHA1

62a0a3a8e2f439b564aed4c22968e55f81000d31
SHA256

0a5fd94b70de3fa777e0ee3d558aaf872ab8d88df830c096d9e0cfc6686c8ac3
SHA512

d4eb14963532a8ed09950f60deae2cd7557654cc5de5b039e7153896cd9deb31d5be0fe0d9e7aa016030a7d48bff07d127e29fb92f612bfe1ac97e9e3461059d
SSDEEP

12288:v9L2y6C3ciWnbanyo9Y8WSHsXE9uygmD/KGB3elPaxppG+XHO+8GAbHuPKuHv1AK:1LTx289pG+LAbHuPSWw4lV

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1584	2600	WerFault.exe	86

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 636 wrote to memory of 2600	636	rundll32.exe	86
PID 636 wrote to memory of 2600	636	rundll32.exe	86
PID 636 wrote to memory of 2600	636	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\CRACK\no mega hack\libcurl.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:636
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\CRACK\no mega hack\libcurl.dll",#1
  2⤵
  PID:2600
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 644
    3⤵
    - Program crash
    PID:1584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 2600 -ip 2600
1⤵
PID:4724