005cc5fcee47af9761a6d41b5789683ad454ffa416a7bd7a9d3472ddf9fc230e

Analysis

max time kernel
88s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
13-02-2024 02:55

Target

$PLUGINSDIR/FileInfo.dll
Size

589KB
MD5

96db521a774244bbab1de9d93d2b0a64
SHA1

27c8304e4b17a5a59d414de8ef77b056609c21bc
SHA256

f79eaaa02157d6f4cd44d3282ae039ced8ac9fac964ea4d7ed7c12ca92f5833c
SHA512

b0bc0e858e0a98c9c7e3f5479249fb4f9f6a92f7680fc437950e94499fe0dff3f778a8c2f8f0dd6d5d61fd9a209817bb59d3166d1f19d9adf1ee2153e00859c3
SSDEEP

12288:v1M3EgrfsgXqaW2SLHuOjcqUEETcw7/MvLhaQ1THqJe6A8UFNNP:v8EhGS3Q70vLY4TH+ej8UFfP

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4316	1488	WerFault.exe	21

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4576 wrote to memory of 1488	4576	rundll32.exe	21
PID 4576 wrote to memory of 1488	4576	rundll32.exe	21
PID 4576 wrote to memory of 1488	4576	rundll32.exe	21

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\FileInfo.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4576
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\FileInfo.dll,#1
  2⤵
  PID:1488
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 628
    3⤵
    - Program crash
    PID:4316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 1488 -ip 1488
1⤵
PID:1884