a0cb5554307e10606f04ea9ffa42b6e382bc874fe5a42be5347f91569de9f115

Analysis

max time kernel
118s
max time network
143s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24/02/2024, 03:11

Target

$PLUGINSDIR/Checker.dll
Size

41KB
MD5

38c79160cbe66696a1fb49a77e9383cc
SHA1

a113f19a56e3d8a3d814687e8e42b499f1d199fd
SHA256

53323700e396135f41119d39d3080fad00da9d60e72a04a7f91b3c22464ca24f
SHA512

7aa2353d29b4984a4cd123c78dc0e0db71000fbdb2a10cf61a781235c40fff87520a850dedfac07675dd35a71bf9b7f6bd3763306fe297179ff2b95276edee33
SSDEEP

768:bNZoBQfjXtKahyIXlQWBh/GxHxn2hEDVyx1jZvs9FN:bNZwApK0XlLYd9o29L

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2100	2544	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2988 wrote to memory of 2544	2988	rundll32.exe	28
PID 2988 wrote to memory of 2544	2988	rundll32.exe	28
PID 2988 wrote to memory of 2544	2988	rundll32.exe	28
PID 2988 wrote to memory of 2544	2988	rundll32.exe	28
PID 2988 wrote to memory of 2544	2988	rundll32.exe	28
PID 2988 wrote to memory of 2544	2988	rundll32.exe	28
PID 2988 wrote to memory of 2544	2988	rundll32.exe	28
PID 2544 wrote to memory of 2100	2544	rundll32.exe	30
PID 2544 wrote to memory of 2100	2544	rundll32.exe	30
PID 2544 wrote to memory of 2100	2544	rundll32.exe	30
PID 2544 wrote to memory of 2100	2544	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\Checker.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2988
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\Checker.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2544
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 224
    3⤵
    - Program crash
    PID:2100