281c4689f43ec1a61c9aacd19b2aad308c03c27aa5d50233e90f528d3a0c8490

Resubmissions

15/11/2023, 12:29

15/11/2023, 12:19

15/11/2023, 10:59

max time kernel
190s
max time network
143s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
15/11/2023, 12:29

Target

INSEINC_c.dll
Size

599KB
MD5

c2952876ad4bc6c03d9f39b8e8832ac6
SHA1

8dd793a2e0c2a620184278a15a907f7db6e37801
SHA256

281c4689f43ec1a61c9aacd19b2aad308c03c27aa5d50233e90f528d3a0c8490
SHA512

2f85ea6804a13fe4b2fede1345013bb60ecbff023f82c770a2e4ea91fd1f5b4bf1debd926d83a58eb4f5584980477c3213ad60831742b1206834b527f07be7eb
SSDEEP

12288:CuZwm2CIUp+FyE8QGHWg0DWppX/zDMUs8itSfWHWac5M61bb:CSwm2op+8iGWgPvzBs9S3G6x

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2644	2712	WerFault.exe	29

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2668 wrote to memory of 2712	2668	rundll32.exe	29
PID 2668 wrote to memory of 2712	2668	rundll32.exe	29
PID 2668 wrote to memory of 2712	2668	rundll32.exe	29
PID 2668 wrote to memory of 2712	2668	rundll32.exe	29
PID 2668 wrote to memory of 2712	2668	rundll32.exe	29
PID 2668 wrote to memory of 2712	2668	rundll32.exe	29
PID 2668 wrote to memory of 2712	2668	rundll32.exe	29
PID 2712 wrote to memory of 2644	2712	rundll32.exe	30
PID 2712 wrote to memory of 2644	2712	rundll32.exe	30
PID 2712 wrote to memory of 2644	2712	rundll32.exe	30
PID 2712 wrote to memory of 2644	2712	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\INSEINC_c.dll, KSVri5061
1⤵
- Suspicious use of WriteProcessMemory
PID:2668
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\INSEINC_c.dll, KSVri5061
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2712
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 224
    3⤵
    - Program crash
    PID:2644