fec4a1e000d4ed061e825fb3f6f555f1341ba99a03c04ed9f819d8635c04465b

Analysis

max time kernel
135s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20230831-en
resource tags

arch:x64arch:x86image:win10v2004-20230831-enlocale:en-usos:windows10-2004-x64system
submitted
01/09/2023, 03:44

Target

Hack Launcher/source/QtCore4.dll
Size

2.7MB
MD5

be3317d66646acc0bcb5dda1198db9b5
SHA1

bde91229d26afe7861db4522dcfa8e1b6fa68a84
SHA256

bc097cc75e9d0771cedeb46efae5e574d0fb5b9cf22750504f817a3590af0541
SHA512

fd6aaf3383dc3e67635c24826a43ee03abc5d6ffd07a9214939f9fa5047eafc8b0d3e0083a3a633dcc80f1c395b66362d1800860c9575bfd4004f18573840978
SSDEEP

49152:oxbwz+A9MHaJVHOsbbWOWXzzULQoAnqagHWL1hp0UnxGJsv6tWKFdu9ChTTLyvLm:4bwz+n6JVHNbb1WDnvgHWL1hp0UnxGJ/

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2888	796	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4588 wrote to memory of 796	4588	rundll32.exe	82
PID 4588 wrote to memory of 796	4588	rundll32.exe	82
PID 4588 wrote to memory of 796	4588	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Hack Launcher\source\QtCore4.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4588
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Hack Launcher\source\QtCore4.dll",#1
  2⤵
  PID:796
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 796 -s 656
    3⤵
    - Program crash
    PID:2888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 796 -ip 796
1⤵
PID:4268

memory/796-0-0x000000006E0C0000-0x000000006E37C000-memory.dmp

Filesize
2.7MB

Download
memory/796-2-0x000000006FBC0000-0x000000006FBC7000-memory.dmp

Filesize
28KB

Download
memory/796-1-0x000000006E940000-0x000000006E950000-memory.dmp

Filesize
64KB

Download