e7490d25eb3e1553ec66c42b1474a2ff025072f3017eb882f7b15da0379ce9e0

Analysis

max time kernel
1635s
max time network
1890s
platform
windows10-2004_x64
resource
win10v2004-20240221-uk
resource tags

arch:x64arch:x86image:win10v2004-20240221-uklocale:uk-uaos:windows10-2004-x64systemwindows
submitted
25/02/2024, 20:41

Target

$PLUGINSDIR/libcrypto-3.dll
Size

3.5MB
MD5

3b4dce9348385fbb3dee25e3e0db7efb
SHA1

f760a89a8bbeff22d3a837ee50089a616c9e247d
SHA256

b99f87138165561775b29283879722333082c5f12f4716ee423da880aefc9fb9
SHA512

dac1a728dd9388120b05ec79bcc6005a1a50f28a4051500acca24217e9efccec8529e377537d6bc5f6cc9a87a1aa3e5ce7206a04b5283848499f5f46eb8ca800
SSDEEP

98304:/HWhBT1l8mO5cjksZ0Wo0D9Owxucj+D1CPwDvt3uF5YCQ3i:EkmO5cjksZ0Wo0D9Oncjs1CPwDvt3uF1

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2636	3836	WerFault.exe	83

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2792 wrote to memory of 3836	2792	rundll32.exe	83
PID 2792 wrote to memory of 3836	2792	rundll32.exe	83
PID 2792 wrote to memory of 3836	2792	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\libcrypto-3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2792
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\libcrypto-3.dll,#1
  2⤵
  PID:3836
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3836 -s 632
    3⤵
    - Program crash
    PID:2636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 3836 -ip 3836
1⤵
PID:1856