5c28511a37fa39869f2d6fef6f8e9c8e282216823ec401803b649d9b79b84260

Analysis

max time kernel
146s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
06/03/2024, 12:54

Target

QtNetwork4.dll
Size

983KB
MD5

2b653fea9a9d62172154174f2fa9a8e3
SHA1

1581935c56c29522c9d65b68bb0ccbaf2b2cda46
SHA256

105612c82d548d034f1478968fb50bfe2d52f338dd003d5b3d5ac12ab3f1622e
SHA512

5390697d4abdb3d82ca1175b51be11d1999e89bb090fb540236196c9839705cac151968be6194b6e13999734dfb2377b135d5704f28d48fb304c627045be2b04
SSDEEP

12288:Ej6ao6Js7aRcHhazfkYSgMa854EMeTElfSODH+YAJmBHPykUetXtMxW+mbxr8F:EWl6OPHMfkYSz54EkfbH+lkt9kq

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1564	4608	WerFault.exe	87

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4136 wrote to memory of 4608	4136	rundll32.exe	87
PID 4136 wrote to memory of 4608	4136	rundll32.exe	87
PID 4136 wrote to memory of 4608	4136	rundll32.exe	87

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\QtNetwork4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4136
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\QtNetwork4.dll,#1
  2⤵
  PID:4608
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4608 -s 660
    3⤵
    - Program crash
    PID:1564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4608 -ip 4608
1⤵
PID:5000