a3e83742c685ef5027595a0a79075b8422f61bb509994550a81a4136f376a6f6

Analysis

max time kernel
148s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
03-01-2024 13:22

Target

SecuriteInfo.com.Win32.Evo-gen.21536.11389.dll
Size

1.6MB
MD5

526ea2dcbfe7b9afa39dec5da86efdac
SHA1

b967209b38b73a3dcdcb49789324fd2863503e07
SHA256

a3e83742c685ef5027595a0a79075b8422f61bb509994550a81a4136f376a6f6
SHA512

d59f0f3c46562c9faa66c6a5a907bdc0cf1c1cb12152d0e2c068a507a4a63585d99e3b8b9b732cd0aa5f062a99b37383c04e4c7d754f11e26fa99d78f640400c
SSDEEP

24576:u2d48Y1cLt8DK2T51ZIbY9dEEAb7GTq7LA84ZMSFeHS+cNW6zccbngc3fUcaKNc:uZuR8f1NAEc9v+ZMSky+yW6YcHPLrc

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4800	1176	WerFault.exe	14

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1176	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4524 wrote to memory of 1176	4524	rundll32.exe	14
PID 4524 wrote to memory of 1176	4524	rundll32.exe	14
PID 4524 wrote to memory of 1176	4524	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Evo-gen.21536.11389.dll,#1
1⤵
- Suspicious use of SetWindowsHookEx
PID:1176
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1176 -s 760
  2⤵
  - Program crash
  PID:4800

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Evo-gen.21536.11389.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1176 -ip 1176
1⤵
PID:1616