06035c50bb3e3f927f2b9921697438c9acead3722c70a6a35fd857f454ed7373

Resubmissions

17/01/2024, 20:15

17/01/2024, 20:11

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
17/01/2024, 20:15

Target

$PLUGINSDIR/nsis7z.dll
Size

391KB
MD5

c6a070b3e68b292bb0efc9b26e85e9cc
SHA1

5a922b96eda6595a68fd0a9051236162ff2e2ada
SHA256

66ac8bd1f273a73e17a3f31d6add739d3cb0330a6417faeda11a9cae00b62d8b
SHA512

8eff8fc16f5bb574bd9483e3b217b67a8986e31497368c06fdaa3a1e93a40aee94a5b31729d01905157b0ae1e556a402f43cd29a4d30a0587e1ec334458a44e8
SSDEEP

6144:KI4T3K6gRPI8G1W3ODli+GIuuu8M1CkJagSdJFCAvgw7nv0Yy6ptK:KBK6gU1YsI+GIuEbgagS7FCyp7cD6po

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process
2344	2732	WerFault.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2888 wrote to memory of 2732	2888	rundll32.exe	17
PID 2888 wrote to memory of 2732	2888	rundll32.exe	17
PID 2888 wrote to memory of 2732	2888	rundll32.exe	17
PID 2888 wrote to memory of 2732	2888	rundll32.exe	17
PID 2888 wrote to memory of 2732	2888	rundll32.exe	17
PID 2888 wrote to memory of 2732	2888	rundll32.exe	17
PID 2888 wrote to memory of 2732	2888	rundll32.exe	17
PID 2732 wrote to memory of 2344	2732	rundll32.exe	16
PID 2732 wrote to memory of 2344	2732	rundll32.exe	16
PID 2732 wrote to memory of 2344	2732	rundll32.exe	16
PID 2732 wrote to memory of 2344	2732	rundll32.exe	16

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsis7z.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2888
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsis7z.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 224
1⤵
- Program crash
PID:2344