242e52b3b090f6440f1dabf4fe71b45f54c6dd3343b9c5765f9ab19d527dae29

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
19/01/2024, 11:20

Target

$PLUGINSDIR/uoo.dll
Size

111KB
MD5

85b8a264242b4d7485ea38d284d7bdb0
SHA1

0f57e423af53ea24c6d65ccfb0bd619468ed9034
SHA256

6792ff415316004c700f38300e64ffe2867d1a0d981148b56adbd2280bdb600c
SHA512

2535371b31e75a7ff921e8838455dc7a0913b8334a9f3f05c361b6b8bbdd89d4548c7b299d3588c83a7b741e5b1ba37886d15c3d810412f89ddd680d808c4da6
SSDEEP

1536:ZYRFan9b4Wn2fG8XWFdmRSOSusHEH/CzOR4CNEt/IWoA6Ee8lM8ObCFoV:iQ4q2TIduN6HtQWN6Ee8lM8ObCFK

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2136	2132	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2452 wrote to memory of 2132	2452	rundll32.exe	28
PID 2452 wrote to memory of 2132	2452	rundll32.exe	28
PID 2452 wrote to memory of 2132	2452	rundll32.exe	28
PID 2452 wrote to memory of 2132	2452	rundll32.exe	28
PID 2452 wrote to memory of 2132	2452	rundll32.exe	28
PID 2452 wrote to memory of 2132	2452	rundll32.exe	28
PID 2452 wrote to memory of 2132	2452	rundll32.exe	28
PID 2132 wrote to memory of 2136	2132	rundll32.exe	29
PID 2132 wrote to memory of 2136	2132	rundll32.exe	29
PID 2132 wrote to memory of 2136	2132	rundll32.exe	29
PID 2132 wrote to memory of 2136	2132	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\uoo.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2452
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\uoo.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2132
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 224
    3⤵
    - Program crash
    PID:2136