5cdd8f582f0d36c5e559dcc609ce91fde888dea52fb60516164fb3819df7b717

Analysis

max time kernel
153s
max time network
181s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
04/01/2024, 04:33

Target

- MuServer97+99 Viciados/GameServer/mumsg.dll
Size

48KB
MD5

536cb9f2bd31bb423c80fbd73164aaf6
SHA1

ad2593d4aa3311f3c5a2a00694880920d3de9133
SHA256

a12030781117681ef10cb67e3d409936d7620aba3751df8ac9ea0506f0da9704
SHA512

a5c2cca271e4b4a91fdc7138cddf23ec8bb03a5d73d94e545505d68e25f5feb3d9ca6cef5661d61297d69cc1da0037cfeaecd0839680be8836738627cc5b1a6f
SSDEEP

768:l9VFIOTpYWNoCYYygQmmzsu4SdppGsFPKoaSai:l9LIOTpkgQmhYpQsIoaSa

Score

3^/10

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2488	228	WerFault.exe	90
4752	228	WerFault.exe	90

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4432 wrote to memory of 228	4432	rundll32.exe	90
PID 4432 wrote to memory of 228	4432	rundll32.exe	90
PID 4432 wrote to memory of 228	4432	rundll32.exe	90
PID 228 wrote to memory of 2488	228	rundll32.exe	98
PID 228 wrote to memory of 2488	228	rundll32.exe	98
PID 228 wrote to memory of 2488	228	rundll32.exe	98

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\- MuServer97+99 Viciados\GameServer\mumsg.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4432
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\- MuServer97+99 Viciados\GameServer\mumsg.dll",#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:228
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 228 -s 600
    3⤵
    - Program crash
    PID:2488
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 228 -s 600
    3⤵
    - Program crash
    PID:4752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 228 -ip 228
1⤵
PID:2464