67e852ba6b36923952242fd6b4e30c717c478a2a52e4b8f68caf064f3bab310b

Analysis

max time kernel
145s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
11/01/2024, 21:47

Target

ChinaFTP/DBEngine.dll
Size

548KB
MD5

8e9758cc0f272009ba08216f8c47dc8f
SHA1

1e8baea44ae758ed09e49ca9846bddad5a72b740
SHA256

d4ced15789518788a6e7629257ff3d71a648dd3cc27deb4ffc124ad24f59386e
SHA512

06f6c1f029b04d1cf9dadb662ae9b737e9ff139a20aa17008ff1a1bc810c12522e2fe0c98d42f6fad1921607eb5edc33741e7ecc70badbf7e79eae90734e4e7a
SSDEEP

12288:VaGgyuFg7YTR4N41EGVAyogvunDj0bj1OciPuG5bvKaVAHuWECU:VaY/4R4O1lVB3vnx8uG55WECU

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3748	2976	WerFault.exe	12

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4820 wrote to memory of 2976	4820	rundll32.exe	12
PID 4820 wrote to memory of 2976	4820	rundll32.exe	12
PID 4820 wrote to memory of 2976	4820	rundll32.exe	12

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ChinaFTP\DBEngine.dll,#1
1⤵
PID:2976
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 600
  2⤵
  - Program crash
  PID:3748

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ChinaFTP\DBEngine.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2976 -ip 2976
1⤵
PID:3628

memory/2976-0-0x0000000060900000-0x0000000060982000-memory.dmp

Filesize
520KB

Download