374d1476191b32a90334ec0f874949e14c4ce2d8098294b4e322cccdcf6dbe32

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
23/12/2023, 11:24

Target

Nkfskfkvosfjg.dll
Size

973KB
MD5

7b7b24fe695fcbe41b807f7b8176d57d
SHA1

e89f6f846d60ca900a2ffee5e11e4b83032cb77d
SHA256

374d1476191b32a90334ec0f874949e14c4ce2d8098294b4e322cccdcf6dbe32
SHA512

2cbb7c9bca9df04a18c657937e59013d68c974322159d43c0a6d88965bc1d8d7c3a61d753ea3ce768d3cd45ff53ae3e24344c48913ecadcacc6b03963c3b87d2
SSDEEP

24576:SXoc+NgQirDIIpUS+97z3+fRxHin6x/3/06KjL08ynA8YBqn/:Goc+AIYckfRxO65PZKjg3VYk

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2948	2744	WerFault.exe	33

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 2252 wrote to memory of 2032	2252	rundll32.exe	28
PID 2252 wrote to memory of 2032	2252	rundll32.exe	28
PID 2252 wrote to memory of 2032	2252	rundll32.exe	28
PID 2252 wrote to memory of 2032	2252	rundll32.exe	28
PID 2252 wrote to memory of 2032	2252	rundll32.exe	28
PID 2252 wrote to memory of 2032	2252	rundll32.exe	28
PID 2252 wrote to memory of 2032	2252	rundll32.exe	28
PID 2824 wrote to memory of 2828	2824	cmd.exe	32
PID 2824 wrote to memory of 2828	2824	cmd.exe	32
PID 2824 wrote to memory of 2828	2824	cmd.exe	32
PID 2828 wrote to memory of 2744	2828	rundll32.exe	33
PID 2828 wrote to memory of 2744	2828	rundll32.exe	33
PID 2828 wrote to memory of 2744	2828	rundll32.exe	33
PID 2828 wrote to memory of 2744	2828	rundll32.exe	33
PID 2828 wrote to memory of 2744	2828	rundll32.exe	33
PID 2828 wrote to memory of 2744	2828	rundll32.exe	33
PID 2828 wrote to memory of 2744	2828	rundll32.exe	33
PID 2744 wrote to memory of 2948	2744	rundll32.exe	34
PID 2744 wrote to memory of 2948	2744	rundll32.exe	34
PID 2744 wrote to memory of 2948	2744	rundll32.exe	34
PID 2744 wrote to memory of 2948	2744	rundll32.exe	34

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Nkfskfkvosfjg.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2252
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\Nkfskfkvosfjg.dll,#1
  2⤵
  PID:2032

C:\Windows\system32\verclsid.exe
"C:\Windows\system32\verclsid.exe" /S /C {0B2C9183-C9FA-4C53-AE21-C900B0C39965} /I {0C733A8A-2A1C-11CE-ADE5-00AA0044773D} /X 0x401
1⤵
PID:2160

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2824
- C:\Windows\system32\rundll32.exe
  rundll32 Nkfskfkvosfjg.dll,Enter
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2828
- - C:\Windows\SysWOW64\rundll32.exe
    rundll32 Nkfskfkvosfjg.dll,Enter
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2744
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 224
      4⤵
      Program crash
      PID:2948

memory/2032-0-0x0000000010000000-0x00000000100F7000-memory.dmp

Filesize
988KB

Download
memory/2744-1-0x0000000010000000-0x00000000100F7000-memory.dmp

Filesize
988KB

Download