101480a9d6c96a96091c42b7c558ab9c0adc09d4f9730d5216e7f3ef365d364a

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/01/2024, 07:31

Target

$PLUGINSDIR/nwryavwr.dll
Size

107KB
MD5

1353d790f14330380d8e54671b6e8e39
SHA1

ab6b6f3c3ab85f6a40a4fa6cf90c289e79ab5223
SHA256

e21b8a739f8a48e1b36e8fa5fd559315d24a4507d3f1dd5885b0a756e26fdcc0
SHA512

35b66d7ff413a9c26032f178da1bad2ebbe46c8dfc54923d52e296712ba4643803b89737e4a22a2493ee7156294e16b0104cdea818ad8b4e16f64b2dc7f1758c
SSDEEP

1536:uJKrVdw3Rl6CoVRrsRwmycygd5AppdWMYHTp214wyDVrSUeRN:uJKrVKhl6Ns16rxWY14dYUeR

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1544	1540	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2232 wrote to memory of 1540	2232	rundll32.exe	28
PID 2232 wrote to memory of 1540	2232	rundll32.exe	28
PID 2232 wrote to memory of 1540	2232	rundll32.exe	28
PID 2232 wrote to memory of 1540	2232	rundll32.exe	28
PID 2232 wrote to memory of 1540	2232	rundll32.exe	28
PID 2232 wrote to memory of 1540	2232	rundll32.exe	28
PID 2232 wrote to memory of 1540	2232	rundll32.exe	28
PID 1540 wrote to memory of 1544	1540	rundll32.exe	29
PID 1540 wrote to memory of 1544	1540	rundll32.exe	29
PID 1540 wrote to memory of 1544	1540	rundll32.exe	29
PID 1540 wrote to memory of 1544	1540	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nwryavwr.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2232
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nwryavwr.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1540
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 220
    3⤵
    - Program crash
    PID:1544