b219c036534453233322a674113c575f3bb374b2f3114012c72d4b5b5dcd8d9a

Analysis

max time kernel
127s
max time network
170s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
07/11/2023, 14:31

Target

sox-14.4.2/libsox-3.dll
Size

2.2MB
MD5

acdb7f5ecee425f091dd55bd90f2911c
SHA1

c6e51a936b699ee3c5c9fc966fd90041ddb88e46
SHA256

240a7e47a4274908786220f1b92372ed1b5f2a1c29874292fad5e64f120d84b4
SHA512

4ef00d74cffe0738041b1ebdb994fa05611c4a8e7cef7da2d8a5a1271d50e455e10cae00b76c4d53f55c06adfbe5330b584d4c1309aadb0d0c3b8b46503d0f17
SSDEEP

24576:OjWwy1Ms9E+L21vTrmH5KcxVp3paEs83/igAPmv39hb4tn/5OtAuJ9VXynZ1w:Oj3ynXmvTrqn7pds8KgAPmv9h2uFOZ1w

Score

3^/10

Program crash 2 IoCs

pid	pid_target	Process	procid_target
3940	2156	WerFault.exe	89
4548	2156	WerFault.exe	89

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4572 wrote to memory of 2156	4572	rundll32.exe	89
PID 4572 wrote to memory of 2156	4572	rundll32.exe	89
PID 4572 wrote to memory of 2156	4572	rundll32.exe	89
PID 2156 wrote to memory of 3940	2156	rundll32.exe	98
PID 2156 wrote to memory of 3940	2156	rundll32.exe	98
PID 2156 wrote to memory of 3940	2156	rundll32.exe	98

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\sox-14.4.2\libsox-3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4572
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\sox-14.4.2\libsox-3.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2156
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 640
    3⤵
    - Program crash
    PID:3940
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 640
    3⤵
    - Program crash
    PID:4548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 2156 -ip 2156
1⤵
PID:4872

memory/2156-0-0x0000000064080000-0x00000000640CB000-memory.dmp

Filesize
300KB

Download
memory/2156-1-0x0000000067D80000-0x0000000067F95000-memory.dmp

Filesize
2.1MB

Download
memory/2156-2-0x0000000067D80000-0x0000000067F95000-memory.dmp

Filesize
2.1MB

Download
memory/2156-4-0x000000006CEC0000-0x000000006CF2D000-memory.dmp

Filesize
436KB

Download
memory/2156-5-0x0000000063600000-0x0000000063666000-memory.dmp

Filesize
408KB

Download
memory/2156-8-0x000000006B680000-0x000000006B712000-memory.dmp

Filesize
584KB

Download
memory/2156-10-0x0000000068B40000-0x0000000068B7A000-memory.dmp

Filesize
232KB

Download
memory/2156-9-0x000000006B3C0000-0x000000006B3D0000-memory.dmp

Filesize
64KB

Download
memory/2156-11-0x0000000070680000-0x000000007068E000-memory.dmp

Filesize
56KB

Download
memory/2156-7-0x000000006D540000-0x000000006D571000-memory.dmp

Filesize
196KB

Download
memory/2156-6-0x0000000010000000-0x0000000010018000-memory.dmp

Filesize
96KB

Download
memory/2156-12-0x0000000068AC0000-0x0000000068AD7000-memory.dmp

Filesize
92KB

Download
memory/2156-13-0x0000000064940000-0x0000000064955000-memory.dmp

Filesize
84KB

Download
memory/2156-14-0x0000000069180000-0x00000000691AD000-memory.dmp

Filesize
180KB

Download
memory/2156-15-0x0000000065080000-0x000000006509C000-memory.dmp

Filesize
112KB

Download