30aecb1d0bb7c6f8de3f21937ff121ccfee96e0454a1e9a156fefbf8accc8770

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/01/2024, 08:22 UTC

Target

$PLUGINSDIR/Zip.dll
Size

76KB
MD5

bd448b748b6fb2fc268f297363ef69e5
SHA1

0c33557703b39928d19520651001607724f5cf8d
SHA256

b3a67c05d7788b1310b342bea37d69a84d9c7997c729f489f9602148f9a6d708
SHA512

555f049387a924c1a3feb38582abb3c5b238df5975c4f739690e2bad06ce5bfce02c2deb46816aacbf73e76292382e8974484e9886f079de69ddad1268a0ea0d
SSDEEP

768:2qzEOfLo2T0pHES42P2wsSrSlAKL0RvTZTEeo9L1Po0OQuiSKcKysNU3her9dohv:2hQspHrXK5eKO5KysyxAd4CiR

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1376	3052	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1216 wrote to memory of 3052	1216	rundll32.exe	28
PID 1216 wrote to memory of 3052	1216	rundll32.exe	28
PID 1216 wrote to memory of 3052	1216	rundll32.exe	28
PID 1216 wrote to memory of 3052	1216	rundll32.exe	28
PID 1216 wrote to memory of 3052	1216	rundll32.exe	28
PID 1216 wrote to memory of 3052	1216	rundll32.exe	28
PID 1216 wrote to memory of 3052	1216	rundll32.exe	28
PID 3052 wrote to memory of 1376	3052	rundll32.exe	29
PID 3052 wrote to memory of 1376	3052	rundll32.exe	29
PID 3052 wrote to memory of 1376	3052	rundll32.exe	29
PID 3052 wrote to memory of 1376	3052	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\Zip.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1216
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\Zip.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3052
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 224
    3⤵
    - Program crash
    PID:1376