7011b5995a1753ef8076c92c0d07441742aabee263bbd604f690b64778b85bc7

Analysis

max time kernel
243s
max time network
266s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
13-10-2023 13:18

Target

Image Logger/RTHAL.dll
Size

653KB
MD5

8168295f8ccda92adb1c655545f50321
SHA1

442924e466ff2a776d7b412d3d8f087017d35d03
SHA256

ab4ada300ef3e0cfb40f34be440edc4b4b7ce2983caef5b463c92c93a53543b3
SHA512

97b93a3b63d80a2a3ca51ebc60d48a83fe43d45b0179bb462b305fb1699654cdfad5f32c2a00e4817378310a89f416088fb6903eaa1be8accb9ef890ab3fe4c2
SSDEEP

6144:fFLF2uIiNpmlJUAVAviz601DMAZ/FKOXNDLTF3HDMFO1PKM3CIS1i2f7iibXeYDQ:e7emlJNl+GT1FKOXNvZ3DM6jCIh

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2204 4208 WerFault.exe rundll32.exe

pid	pid_target	process	target process
2204	4208	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3808 wrote to memory of 4208	3808	rundll32.exe	rundll32.exe
PID 3808 wrote to memory of 4208	3808	rundll32.exe	rundll32.exe
PID 3808 wrote to memory of 4208	3808	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Image Logger\RTHAL.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3808

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Image Logger\RTHAL.dll",#1
2⤵
PID:4208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4208 -s 692
3⤵
- Program crash
PID:2204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 4208 -ip 4208
1⤵
PID:4704

memory/4208-0-0x0000000000580000-0x0000000000591000-memory.dmp

Filesize
68KB

Download
memory/4208-3-0x0000000001FC0000-0x0000000001FFC000-memory.dmp

Filesize
240KB

Download
memory/4208-2-0x0000000001F60000-0x0000000001FBE000-memory.dmp

Filesize
376KB

Download