906115e099f99cb80ef571703ebb39ed243608a2174fda7e2dc252953631a69f

Resubmissions

25/12/2023, 00:09

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 00:09

Target

generator/python37.dll
Size

3.3MB
MD5

7bc5ea400e1ab182b58d90aea9abc64c
SHA1

ccf483cf6205ce7e3c14827ed22baf142a736d3e
SHA256

386b543a7066ae1ceedb0951ffb5ae0de65be84b5ab71fb2b697d3fa55d6dd35
SHA512

3aa87081c6b226723eec24206f447098a40e2487b74bc7d961d96d31aa48a0e3f9c23a96acfb76b8d5809a3e3023e1b1b0b804d6f43b2bfce4e1b6ae1243238a
SSDEEP

49152:XKkU5YxmnGhmbUW1//wiRAuv5VbP4tAeF3/I5liHP+MZncPu63TixQsAMY2Y+OKx:DhKUKlTbWA5cHmMZx6grA4Y+OKx

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2168	1068	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2868 wrote to memory of 1068	2868	rundll32.exe	28
PID 2868 wrote to memory of 1068	2868	rundll32.exe	28
PID 2868 wrote to memory of 1068	2868	rundll32.exe	28
PID 2868 wrote to memory of 1068	2868	rundll32.exe	28
PID 2868 wrote to memory of 1068	2868	rundll32.exe	28
PID 2868 wrote to memory of 1068	2868	rundll32.exe	28
PID 2868 wrote to memory of 1068	2868	rundll32.exe	28
PID 1068 wrote to memory of 2168	1068	rundll32.exe	29
PID 1068 wrote to memory of 2168	1068	rundll32.exe	29
PID 1068 wrote to memory of 2168	1068	rundll32.exe	29
PID 1068 wrote to memory of 2168	1068	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\generator\python37.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2868
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\generator\python37.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1068
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1068 -s 220
    3⤵
    - Program crash
    PID:2168