29ff84f6e9fb316c311f0e1d7283488c8f57f55817f5d7a5507411307576d9e4

Analysis

max time kernel
140s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
28/08/2023, 21:12

Target

supremacyvirata.dll
Size

803KB
MD5

2a25843a94aae8ab8a470927ba1bc262
SHA1

97a49a976987903f6a9c879f954bbe33ccfa4792
SHA256

29ff84f6e9fb316c311f0e1d7283488c8f57f55817f5d7a5507411307576d9e4
SHA512

4198af9faca0aad8ac75f6168368bc6ac8e2690ab69d873081af12d16a5c8d96f45aae328ae506286fa72646203d6d012ab363537eba5d083c8730d743e975aa
SSDEEP

24576:xPZqOXwNAgZubBuy8Wj7creoZIZlhGmn4:vlgNAgkbBTxoiamn4

Score

3^/10

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2180	1480	WerFault.exe	82
4032	1480	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3696 wrote to memory of 1480	3696	rundll32.exe	82
PID 3696 wrote to memory of 1480	3696	rundll32.exe	82
PID 3696 wrote to memory of 1480	3696	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\supremacyvirata.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3696
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\supremacyvirata.dll,#1
  2⤵
  PID:1480
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1480 -s 832
    3⤵
    - Program crash
    PID:2180
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1480 -s 792
    3⤵
    - Program crash
    PID:4032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 1480 -ip 1480
1⤵
PID:2296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 1480 -ip 1480
1⤵
PID:3196