e7490d25eb3e1553ec66c42b1474a2ff025072f3017eb882f7b15da0379ce9e0

Analysis

max time kernel
1775s
max time network
1173s
platform
windows10-2004_x64
resource
win10v2004-20240221-uk
resource tags

arch:x64arch:x86image:win10v2004-20240221-uklocale:uk-uaos:windows10-2004-x64systemwindows
submitted
25-02-2024 20:41

Target

$PLUGINSDIR/Qt5Core.dll
Size

4.9MB
MD5

bfca86bb855f3a9ef183c142cc4276dc
SHA1

25204b414ef2d6541ea0787fe6df08843b4b521e
SHA256

92a28bccb70275c8d3bc4b9cad2c48c66198eadcb50509b9c69e8657fdba41d2
SHA512

fbae93b2d7c810afc390c494b1c825cf3e148bf31b5a6ded757d0c2dd4ecce37f8d7e2fb529f1ec5ef0480b8fdf429f7a93a588976bd862141c9ce093f4475d1
SSDEEP

98304:D/cPFLQEJuMEVJsv6tWKFdu9C9Ed74Gx80MEcUsk80MEcUsk80ycUsk80M6Ou:DsKJsv6tWKFdu9C9y7g

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

924 4812 WerFault.exe rundll32.exe

pid	pid_target	process	target process
924	4812	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4436 wrote to memory of 4812	4436	rundll32.exe	rundll32.exe
PID 4436 wrote to memory of 4812	4436	rundll32.exe	rundll32.exe
PID 4436 wrote to memory of 4812	4436	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\Qt5Core.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4436

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\Qt5Core.dll,#1
2⤵
PID:4812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4812 -s 676
3⤵
- Program crash
PID:924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 188 -p 4812 -ip 4812
1⤵
PID:4804