fec4a1e000d4ed061e825fb3f6f555f1341ba99a03c04ed9f819d8635c04465b

Analysis

max time kernel
132s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20230831-en
resource tags

arch:x64arch:x86image:win10v2004-20230831-enlocale:en-usos:windows10-2004-x64system
submitted
01/09/2023, 03:44

Target

Hack Launcher/source/libgcc_s_dw2-1.dll
Size

42KB
MD5

c4b4409f186da70fcf2bcc60d5f05489
SHA1

056663c9fd2851cd64f39d882f6758e7a987bd42
SHA256

b35f2a8f4c8f1833f3cdec20739c58e295758ce22021d03d4335043148bd7610
SHA512

cdcb945a82a0304e4d7cfc9ae9d7e5a5e81d4e3025e982494c87c283f6fac542181e9e1e3028456b9b0b5b6279990cb3e1a50f9df0f6e707c70fa0e23c7a808c
SSDEEP

768:sZ1l+WCdhTcpKn+CwZoyf/dadEU9mRWtyTN:41l+WGhIKn+CQ7EyW0TN

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4136	1636	WerFault.exe	85

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3468 wrote to memory of 1636	3468	rundll32.exe	85
PID 3468 wrote to memory of 1636	3468	rundll32.exe	85
PID 3468 wrote to memory of 1636	3468	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Hack Launcher\source\libgcc_s_dw2-1.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3468
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Hack Launcher\source\libgcc_s_dw2-1.dll",#1
  2⤵
  PID:1636
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 600
    3⤵
    - Program crash
    PID:4136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 1636 -ip 1636
1⤵
PID:1068

memory/1636-0-0x000000006E940000-0x000000006E950000-memory.dmp

Filesize
64KB

Download