2490184d336357af2480d093a42478fe41240b1bf59606e968ad1fbf45f8114c

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 05:57

Target

$PLUGINSDIR/jkmxtii.dll
Size

158KB
MD5

b494208d857adf16f64eee4887720973
SHA1

e254c004a55d3dc5f3e928aa85f29c829f1b210c
SHA256

da43bf45c498988d7658d66967d45bfc37f522e4a79b05b7c63cf6caafb3b916
SHA512

737b21bccbdbe8fde3a7d79d28bc3d1895a0025fb8747b72e50142b65acfa69515c68c6d03bb5409a684f159e35b9700d7fc1f916a5d6cbae3ca8cb67855f273
SSDEEP

3072:bf7vMaQXU1HLsg7c6r8n9EYD+TeuUsIqlGj9:bflr1Hin9EaQPGj

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
852	2468	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2676 wrote to memory of 2468	2676	rundll32.exe	28
PID 2676 wrote to memory of 2468	2676	rundll32.exe	28
PID 2676 wrote to memory of 2468	2676	rundll32.exe	28
PID 2676 wrote to memory of 2468	2676	rundll32.exe	28
PID 2676 wrote to memory of 2468	2676	rundll32.exe	28
PID 2676 wrote to memory of 2468	2676	rundll32.exe	28
PID 2676 wrote to memory of 2468	2676	rundll32.exe	28
PID 2468 wrote to memory of 852	2468	rundll32.exe	29
PID 2468 wrote to memory of 852	2468	rundll32.exe	29
PID 2468 wrote to memory of 852	2468	rundll32.exe	29
PID 2468 wrote to memory of 852	2468	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\jkmxtii.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2676
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\jkmxtii.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2468
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 224
    3⤵
    - Program crash
    PID:852