6e40138bc8706fa6b9bb5afebe1c3cadba9dcd8784274acc5eb4d02baca319b4

Analysis

max time kernel
12s
max time network
15s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23/02/2024, 11:51

Target

binkw32.dll
Size

164KB
MD5

aefcee5d1319929889267a470d261edc
SHA1

5fbb6886b1a7647a65da8c926f1a0d921bb9ccc3
SHA256

6e40138bc8706fa6b9bb5afebe1c3cadba9dcd8784274acc5eb4d02baca319b4
SHA512

c697f5371d11009d25c2067f4affe72a9e29a41303b3926d97857a3b6a4c9363068f166e7c9124c37fcad8da7d1901c8c800914488a5f18bb77f863a835230c9
SSDEEP

3072:c9oybeJkvjvekIVtsrk7rzmCH9et90ndj8lfuwuyMxtLgP2nWuHfO+3hH7YvLP/k:c9oybeJqjvqt77rzmY8r0ndjHBgP2nWK

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2148	1072	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1692 wrote to memory of 1072	1692	rundll32.exe	28
PID 1692 wrote to memory of 1072	1692	rundll32.exe	28
PID 1692 wrote to memory of 1072	1692	rundll32.exe	28
PID 1692 wrote to memory of 1072	1692	rundll32.exe	28
PID 1692 wrote to memory of 1072	1692	rundll32.exe	28
PID 1692 wrote to memory of 1072	1692	rundll32.exe	28
PID 1692 wrote to memory of 1072	1692	rundll32.exe	28
PID 1072 wrote to memory of 2148	1072	rundll32.exe	29
PID 1072 wrote to memory of 2148	1072	rundll32.exe	29
PID 1072 wrote to memory of 2148	1072	rundll32.exe	29
PID 1072 wrote to memory of 2148	1072	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\binkw32.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1692
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\binkw32.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1072
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1072 -s 232
    3⤵
    - Program crash
    PID:2148