0774ee18a57ee8a20d7f355f23a6b7f049dd93c251e2cc9af0100e92a3526547

Resubmissions

04-04-2024 10:25

04-04-2024 10:18

02-04-2024 03:00

02-04-2024 02:52

31-05-2022 01:49

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20240319-en
resource tags

arch:x64arch:x86image:win7-20240319-enlocale:en-usos:windows7-x64system
submitted
02-04-2024 03:00

Target

$PLUGINSDIR/InstallOptions.dll
Size

15KB
MD5

c32e0fd4ae35ebe913d7bdff974ab7bb
SHA1

e8ea2c5b030d7438539d1de02a13eb8a01cc5b19
SHA256

c30114c234497179d4cea17554d82d51e87cdc0e2666ec8394c0c026f3aaa8b3
SHA512

751fa4046ab7aa3d167f3d3c8096f0aef5f5da439cacba92dddc4acce33b62336c5dd8e5e84a3b3a7616823152ee8fc91d197f5fb1349cc948eb7d7c6f351a44
SSDEEP

384:EhC43tPegZ3eBaRwCPOYY7nNYXCh/Yosa:EoTgZ3eBTCmrnNAD

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2312	2852	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2004 wrote to memory of 2852	2004	rundll32.exe	28
PID 2004 wrote to memory of 2852	2004	rundll32.exe	28
PID 2004 wrote to memory of 2852	2004	rundll32.exe	28
PID 2004 wrote to memory of 2852	2004	rundll32.exe	28
PID 2004 wrote to memory of 2852	2004	rundll32.exe	28
PID 2004 wrote to memory of 2852	2004	rundll32.exe	28
PID 2004 wrote to memory of 2852	2004	rundll32.exe	28
PID 2852 wrote to memory of 2312	2852	rundll32.exe	29
PID 2852 wrote to memory of 2312	2852	rundll32.exe	29
PID 2852 wrote to memory of 2312	2852	rundll32.exe	29
PID 2852 wrote to memory of 2312	2852	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\InstallOptions.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2004
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\InstallOptions.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2852
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 248
    3⤵
    - Program crash
    PID:2312