735eda92258a85f598eb9302fdd132f3256eacf6c8473ef152d529b23b4fe722

Analysis

max time kernel
93s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
27/11/2023, 12:01

Target

HLMV_standalone/bin/wxmsw312u_propgrid_vc_custom.dll
Size

784KB
MD5

f2aa57eeabb9fed19ce1e4c6c552d26b
SHA1

bd6047743db0042f7ad4f07b69f141f8849756e3
SHA256

526d98532cbb8db1eea0bc179ac4186e6a5a87310492d19167afe0d477b12390
SHA512

2c78447cf3fcfe0287b6115d20299ed2ae2fa54fba476f73872e17748ec62fe6e49042325fb27a09ab430ade0538eb6a86d31315989ef00436f0e8d2bd42e6f3
SSDEEP

6144:CFWltZ2+iWy2hpqXXIk32fRLDmUIcF3RJjLQ0VwJbu/nOsgMCRL8qPpg8V8m878n:Yw2YtEF32fZxXVzOv/DRa1Oja

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3648	4328	WerFault.exe	86

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3796 wrote to memory of 4328	3796	rundll32.exe	86
PID 3796 wrote to memory of 4328	3796	rundll32.exe	86
PID 3796 wrote to memory of 4328	3796	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\HLMV_standalone\bin\wxmsw312u_propgrid_vc_custom.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3796
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\HLMV_standalone\bin\wxmsw312u_propgrid_vc_custom.dll,#1
  2⤵
  PID:4328
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4328 -s 660
    3⤵
    - Program crash
    PID:3648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4328 -ip 4328
1⤵
PID:2580