133c1c17f426c9fcfdfa0e79b03efd58b1cf87141c0e6769fa8a555e83a784eb

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
23/01/2024, 17:31

Target

$PLUGINSDIR/ckhxbmg.dll
Size

169KB
MD5

663c6ae730b422de6e22663b65917a3f
SHA1

7ca4768e877801f05c9a78af4f3599008865420c
SHA256

500987b92964c1391004ab509cd12f676687957614539dfa48a7672daa2c04cc
SHA512

4d78424bf12f39fb7c2902f1b9a455b2783c166e46f3d38c72a027893fa6b930af7c64e358c50dc0177cfce28ef39a20215a65bbec4dca6998ea2846a52d1f99
SSDEEP

1536:G4azFCdcVOOsppXGc4JpRP/lsu0mSi8FQ9CxMEwjpSV10zc3VkE6Fl9Ei4L+nc2l:GHgd9pYQhSUczclkAiS+SwRzzxmMj

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1592	3060	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1448 wrote to memory of 3060	1448	rundll32.exe	28
PID 1448 wrote to memory of 3060	1448	rundll32.exe	28
PID 1448 wrote to memory of 3060	1448	rundll32.exe	28
PID 1448 wrote to memory of 3060	1448	rundll32.exe	28
PID 1448 wrote to memory of 3060	1448	rundll32.exe	28
PID 1448 wrote to memory of 3060	1448	rundll32.exe	28
PID 1448 wrote to memory of 3060	1448	rundll32.exe	28
PID 3060 wrote to memory of 1592	3060	rundll32.exe	29
PID 3060 wrote to memory of 1592	3060	rundll32.exe	29
PID 3060 wrote to memory of 1592	3060	rundll32.exe	29
PID 3060 wrote to memory of 1592	3060	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\ckhxbmg.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1448
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\ckhxbmg.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3060
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 220
    3⤵
    - Program crash
    PID:1592