29b9ac9062421084dd15fba4d6f3facc62be57567ab25c94e4f0fb7610340a18

Analysis

max time kernel
123s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
14-08-2023 18:29

Target

gmpopenh264.dll
Size

981KB
MD5

2a78a9afb83ce285c262358f15aabdd8
SHA1

7aaeb56467d39f3e42b32083d6b78a721c343f32
SHA256

bf0fe269593def9816272fe732baae9437e91fb545df55ddd0a714eb5ed6b178
SHA512

5e1970b7fb10338264ead87e0f752d7016b6bb221e05edacb8cd1b409e2bfe2d0f1fc1e0db05303d05f41b21f60a58f537c27b835eb4b0301b6b86ac927130b4
SSDEEP

24576:/w+TxGr5P+7MdDev+v2iSBFy/LTrgN3E2P1HWEgLcp/lBD6C1TkSZ1zgfM5fYqPN:/tTsr5rSBqgZE2P1YAlBD6C1TkSZVgk7

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

3476 3212 WerFault.exe rundll32.exe

pid	pid_target	process	target process
3476	3212	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1764 wrote to memory of 3212	1764	rundll32.exe	rundll32.exe
PID 1764 wrote to memory of 3212	1764	rundll32.exe	rundll32.exe
PID 1764 wrote to memory of 3212	1764	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\gmpopenh264.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1764
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\gmpopenh264.dll,#1
  2⤵
  PID:3212
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 600
    3⤵
    - Program crash
    PID:3476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 3212 -ip 3212
1⤵
PID:4720