0eb6ba91a1615a97769c2df504d702f99d3e99455aa2297444c1f3c4b450e062

Analysis

max time kernel
118s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27/03/2024, 12:19

Target

$PLUGINSDIR/CPUFeatures.dll
Size

9KB
MD5

8dbdb1e97b8bb2a24412dd2a8995fb73
SHA1

718f255611dcaca48679d11edcd4ccc4b70558e3
SHA256

4e4099a55fc7243f98b42041ad3052c0f04979597c76b43a4f95fa548bf69ad7
SHA512

db95fb87f3e6b1333b857b26b80bde18b63f7b07e42cd640c310478dd327b4b1ea8a6b6dba8404ba95e3e5217112f169ed900971b409b2eb4033b99b890e5c50
SSDEEP

192:Bsj793YDyrl/aSINP0og4DmPeQXID0IzK0suP3rk0p2XyA:BsH9Iury5j3y+D0GK0suP7k0Q

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2016	1952	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1336 wrote to memory of 1952	1336	rundll32.exe	28
PID 1336 wrote to memory of 1952	1336	rundll32.exe	28
PID 1336 wrote to memory of 1952	1336	rundll32.exe	28
PID 1336 wrote to memory of 1952	1336	rundll32.exe	28
PID 1336 wrote to memory of 1952	1336	rundll32.exe	28
PID 1336 wrote to memory of 1952	1336	rundll32.exe	28
PID 1336 wrote to memory of 1952	1336	rundll32.exe	28
PID 1952 wrote to memory of 2016	1952	rundll32.exe	29
PID 1952 wrote to memory of 2016	1952	rundll32.exe	29
PID 1952 wrote to memory of 2016	1952	rundll32.exe	29
PID 1952 wrote to memory of 2016	1952	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CPUFeatures.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1336
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CPUFeatures.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1952
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 224
    3⤵
    - Program crash
    PID:2016