842774fad0e00fd214ce0d72f9003dcb75ee7dee637d0a7fa77cb36bf9f191bc

Analysis

max time kernel
63s
max time network
34s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24/02/2024, 03:57

Target

$PLUGINSDIR/NSISdl.dll
Size

12KB
MD5

a10c9c9f5474ed8c13ff5e182655eb9f
SHA1

ffa6073f6b1724183d570c368c3025430de1ee33
SHA256

17055e463a04435bdb5fea5d634af12a4678ff5d680196da230879ad24622ee3
SHA512

bd7222d4ee6516b9be7f498858812ebfa824f657ef5298cfc813ad91fdfb6129642232d4c47f2edc4c2b8d2619ba7530a5195d53e9017435e7e8ef742f60fdb5
SSDEEP

192:ATPN9E1B0OUrW7VymsS9WmaYqkzJqa5Maamy6J0WVpzuzzPzrR2Z+:ATzEbUrW9tWmaY/zJ+aFy6CWVUzDP8

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2348	2328	WerFault.exe	29

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2316 wrote to memory of 2328	2316	rundll32.exe	29
PID 2316 wrote to memory of 2328	2316	rundll32.exe	29
PID 2316 wrote to memory of 2328	2316	rundll32.exe	29
PID 2316 wrote to memory of 2328	2316	rundll32.exe	29
PID 2316 wrote to memory of 2328	2316	rundll32.exe	29
PID 2316 wrote to memory of 2328	2316	rundll32.exe	29
PID 2316 wrote to memory of 2328	2316	rundll32.exe	29
PID 2328 wrote to memory of 2348	2328	rundll32.exe	30
PID 2328 wrote to memory of 2348	2328	rundll32.exe	30
PID 2328 wrote to memory of 2348	2328	rundll32.exe	30
PID 2328 wrote to memory of 2348	2328	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\NSISdl.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2316
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\NSISdl.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2328
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 228
    3⤵
    - Program crash
    PID:2348