3343644e85fc33f8cd3b97e0f7275053f1c272932379c61b3c0d3c620a23a4ee

Resubmissions

08-02-2024 19:42

08-02-2024 19:33

max time kernel
83s
max time network
134s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
08-02-2024 19:42

Target

Korepi/dll/vk_swiftshader.dll
Size

4.3MB
MD5

ad00a712203b9dfb702d886e43d215e6
SHA1

1921d4d14b5ac0a669f69cd852a41eba8377a434
SHA256

01742049534047b956328b9a0ca57f720e957edb684a6a0d70acc992e2b684fc
SHA512

f4672dce073c940fe3b9f9687fc9a195b5d0a6e51bb92c91047775be244ce95a2c743947eb05299d77cb3c8b914821984bb98182bc9afdc35e3963148f5562e0
SSDEEP

49152:TRFxCyzWuNtr3nQAqKktwjcXBQkHTTZjbryATFeYkScdII2HM2lbpTFk6dwkIIq/:TR+rwY1V2iy0SpGOjECAetx80J

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2148 448 WerFault.exe rundll32.exe

pid	pid_target	process	target process
2148	448	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2844 wrote to memory of 448	2844	rundll32.exe	rundll32.exe
PID 2844 wrote to memory of 448	2844	rundll32.exe	rundll32.exe
PID 2844 wrote to memory of 448	2844	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Korepi\dll\vk_swiftshader.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2844

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Korepi\dll\vk_swiftshader.dll,#1
2⤵
PID:448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 448 -s 600
3⤵
- Program crash
PID:2148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 448 -ip 448
1⤵
PID:4916