797e52d61827ac81a4528d8ae01e56a96b26941954d644ddfa009a1a6e179fd8

Analysis

max time kernel
86s
max time network
94s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
28/03/2024, 16:52

Target

miflash_unlock-en-6.5.224.28/libcurl.dll
Size

471KB
MD5

c0eb2e1b7c7d275103dac2ae16fb5ce0
SHA1

167b454956b5dd7c6c713c7e0177c8ed6da777ca
SHA256

a814bb136abdf412038259bff8886e18265cf4720af9f4b05f638ef517eceb49
SHA512

77fb53a0b622b198900279e5d8ac31559069d2c9ecfb9b6bc9d324be79e49bba8abdf4870520755a952466db069a8efdf47369094c124f4df9f60c4df0f0cbff
SSDEEP

12288:mmUcWJfc5wHcN02D0Jx34PUuwqCIlP8Rt3zW/LA2Ogmj2G+xIhR3z04JJbxtP:mmUO5V8j2GjQ4nP

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1972	2416	WerFault.exe	79

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3384 wrote to memory of 2416	3384	rundll32.exe	79
PID 3384 wrote to memory of 2416	3384	rundll32.exe	79
PID 3384 wrote to memory of 2416	3384	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\miflash_unlock-en-6.5.224.28\libcurl.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3384
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\miflash_unlock-en-6.5.224.28\libcurl.dll,#1
  2⤵
  PID:2416
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 500
    3⤵
    - Program crash
    PID:1972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 2416 -ip 2416
1⤵
PID:4268