090f2f668799ba806d6e5ec31bf7ff1fd39b7260f129f4d6a944decae0f04df9

Analysis

max time kernel
120s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09/04/2024, 14:23

Target

Exitlag Cracked 16.1v/libavformat-58.dll
Size

1.4MB
MD5

3c7bc5b6603cec694ef088bd677a672b
SHA1

e6de48ad68b7064b096e374fa80fcc84d845c977
SHA256

1639253b474d9da6e4c1fdda53a5453e76cc1dd9743ad8b3ba2b4294dd07d5e1
SHA512

064a06e3701cd319462d2a515c7f569e10d9783d0f3ad1df583220861acfb657262426d7d1c69d54f22276876ab16214d9e3e0f6ee8216a790c2f955ab1c0890
SSDEEP

24576:WAsXZWwA5rE1vKnRIpbkbKBmJsNKZYzfXMgnilD6tiyIHy9YTexjrRyhiwToH:WAspUMCRJKBAZY4oi0jrRlwT+

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2984	2208	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2036 wrote to memory of 2208	2036	rundll32.exe	28
PID 2036 wrote to memory of 2208	2036	rundll32.exe	28
PID 2036 wrote to memory of 2208	2036	rundll32.exe	28
PID 2036 wrote to memory of 2208	2036	rundll32.exe	28
PID 2036 wrote to memory of 2208	2036	rundll32.exe	28
PID 2036 wrote to memory of 2208	2036	rundll32.exe	28
PID 2036 wrote to memory of 2208	2036	rundll32.exe	28
PID 2208 wrote to memory of 2984	2208	rundll32.exe	29
PID 2208 wrote to memory of 2984	2208	rundll32.exe	29
PID 2208 wrote to memory of 2984	2208	rundll32.exe	29
PID 2208 wrote to memory of 2984	2208	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Exitlag Cracked 16.1v\libavformat-58.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2036
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Exitlag Cracked 16.1v\libavformat-58.dll",#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2208
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 240
    3⤵
    - Program crash
    PID:2984