6ef3fa9a8b97f85933efef561b18e217df18b0a883e6bf63d6a5d271cc57fa2d

Analysis

max time kernel
120s
max time network
123s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
27-08-2023 06:22

Target

addons/custom_items_games.dll
Size

35KB
MD5

a53879094120d82f70c69e713924bf51
SHA1

02fa565b536a433b4156dd480b1541b4f27390ec
SHA256

d579dee587635a0108ad9aa4bda7c2176e17ccfc7757a59562e91a8190a9cf99
SHA512

21736cdfbada2d06f8a9b51dc0cce80a434b76caa9ec538da129a8d7b95987c78fb8f2d695e4d2c9e78dd96b8b6dbfa8bd9d524a97227e67a48fd7bfb45fba9d
SSDEEP

384:YEPnq/A7Jzdiho5P+WYJq1pweiqY9oiZQVbIhleHZJzeZZjzNuZqETRmSH+jUQfG:bZdX/Cq1pV+LQChY59Y1nCUaQfsfak

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2136	1188	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1988 wrote to memory of 1188	1988	rundll32.exe	28
PID 1988 wrote to memory of 1188	1988	rundll32.exe	28
PID 1988 wrote to memory of 1188	1988	rundll32.exe	28
PID 1988 wrote to memory of 1188	1988	rundll32.exe	28
PID 1988 wrote to memory of 1188	1988	rundll32.exe	28
PID 1988 wrote to memory of 1188	1988	rundll32.exe	28
PID 1988 wrote to memory of 1188	1988	rundll32.exe	28
PID 1188 wrote to memory of 2136	1188	rundll32.exe	29
PID 1188 wrote to memory of 2136	1188	rundll32.exe	29
PID 1188 wrote to memory of 2136	1188	rundll32.exe	29
PID 1188 wrote to memory of 2136	1188	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\addons\custom_items_games.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1988
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\addons\custom_items_games.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1188
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1188 -s 224
    3⤵
    - Program crash
    PID:2136