3f8320152704377de150418a3c4c9d07d16d80a6c0d0d8f7289c22c499e33571

Analysis

max time kernel
148s
max time network
159s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
05/03/2024, 16:06

Target

platform-tools/AdbWinApi.dll
Size

105KB
MD5

7814766c7c6d8bfb09ad071512843556
SHA1

c7ceaa300f9bcc501606dac8cc0039fc18600b9d
SHA256

689e4263252c734ee40d748f0e5a911801c6083a8e81b5040fd9c49dff3bfdce
SHA512

1904cbc41033cb7c9e9f4b27c12fe69ba449d630d5f95b769e2a8001a5de54eaf8e6ba4bd66d4cece7f2fe5a400c59bdf06c67253bd0c903dcc50faf30de1d28
SSDEEP

1536:nwqdq+3pvspmLh8SCykrpTG7kfGHuNezq02XJqo+iFi1yCPo7nxx47:nwqD3L8Tezq0et+ui1yJk7

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4820	1972	WerFault.exe	78

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4964 wrote to memory of 1972	4964	rundll32.exe	78
PID 4964 wrote to memory of 1972	4964	rundll32.exe	78
PID 4964 wrote to memory of 1972	4964	rundll32.exe	78

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\platform-tools\AdbWinApi.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4964
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\platform-tools\AdbWinApi.dll,#1
  2⤵
  PID:1972
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 496
    3⤵
    - Program crash
    PID:4820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 1972 -ip 1972
1⤵
PID:3272