41e15398fd307889c9814284f9df4cfbb1fff1d8294981e1947badea5b3567fe

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
06/03/2024, 21:53

Target

CS_OGC FX v3.3/OGC FX v3.3/older versions/OGC FX v3.1.dll
Size

331KB
MD5

bd2d7a7c168aa84474587ccb44704bfb
SHA1

a1f2f4c92b32b33d80b9a967ec33f8e2a689b4d5
SHA256

88a0be9e0acee83fec6f3cdb38c783355c6efb4b5c30b7f7fa38324e5fc52754
SHA512

c6996749258f42867ea29eadb9453b280c7087cece335677aec02f1127b7f22313882718c5a333d2d4e6580d941260210fd988c07c36c91e3864624267d48b54
SSDEEP

6144:n28kkE+6zqgSnqEk5Gu4e5aVlFe6iiFqcuxzLVWIYRUSRQr7WEBD6y7:n2/qxTuV5aBXiiZuxzL4IG7RG7WEX7

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2156	2696	WerFault.exe	88

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2112 wrote to memory of 2696	2112	rundll32.exe	88
PID 2112 wrote to memory of 2696	2112	rundll32.exe	88
PID 2112 wrote to memory of 2696	2112	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\CS_OGC FX v3.3\OGC FX v3.3\older versions\OGC FX v3.1.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2112
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\CS_OGC FX v3.3\OGC FX v3.3\older versions\OGC FX v3.1.dll",#1
  2⤵
  PID:2696
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 612
    3⤵
    - Program crash
    PID:2156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2696 -ip 2696
1⤵
PID:4940

memory/2696-0-0x0000000010000000-0x000000001008D000-memory.dmp

Filesize
564KB

Download