16f73fb34fae0f190c150ea6d34209852f8e7a023ce269ec082d9ef3f4375ba1

Analysis

max time kernel
119s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 05:26

Target

586km.comp222pSearcher910/mp.dll
Size

14KB
MD5

e561a29f5af13c3ad7c8f9c245f1320c
SHA1

94a89cd304e999e3c1ee1ad62a27f11363422e55
SHA256

b78eb55a655cbe0b5c2776c83ef82d3c92af987720476b0db7a9c340dba5a626
SHA512

146736de81649352f3b2d6b973145877279d76ece192e9acc5b4afd5cf856e8508c843ec1df756714f650f5ea8536a15d82dcdbf2ba2deb9d7b912be66574f20
SSDEEP

384:KX5h+mSXLnhqM520+CNbVGa2XKlTW3iNyHrO:K5hmh1520XbUa2aLNwrO

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1968	1900	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2000 wrote to memory of 1900	2000	rundll32.exe	28
PID 2000 wrote to memory of 1900	2000	rundll32.exe	28
PID 2000 wrote to memory of 1900	2000	rundll32.exe	28
PID 2000 wrote to memory of 1900	2000	rundll32.exe	28
PID 2000 wrote to memory of 1900	2000	rundll32.exe	28
PID 2000 wrote to memory of 1900	2000	rundll32.exe	28
PID 2000 wrote to memory of 1900	2000	rundll32.exe	28
PID 1900 wrote to memory of 1968	1900	rundll32.exe	29
PID 1900 wrote to memory of 1968	1900	rundll32.exe	29
PID 1900 wrote to memory of 1968	1900	rundll32.exe	29
PID 1900 wrote to memory of 1968	1900	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\586km.comp222pSearcher910\mp.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2000
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\586km.comp222pSearcher910\mp.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1900
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 228
    3⤵
    - Program crash
    PID:1968

memory/1900-0-0x0000000000170000-0x00000000001C6000-memory.dmp

Filesize
344KB

Download