282e8186cec5ec821d89c7347f508aca3eb1e5c532200d50550e75972e5c33c8

Analysis

max time kernel
93s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
10-04-2024 10:03

Target

$PLUGINSDIR/nsUnzip.dll
Size

146KB
MD5

77a26c23948070dc012bba65e7f390aa
SHA1

7e112775770f9b3b24e2a238b5f7c66f8802e5d8
SHA256

4e4e429ecf1c49119a21c817899f64152b03b41b036fc1d92aee335043364c43
SHA512

2e7ffa4ed5c97f555e1b0d6f55ffcfd53cd28302fc77d95fdaea89e0b6b42e67e366331e52358e78e8266d079cc2ca3ea4c909197fb38a5b4c8151c7678d0065
SSDEEP

3072:3imoHcJg67rm+2X7jiYwJAmcxaw2VvnCNizd9XER4I6CAZJPtAY3:3I8Jlrm7SnjCNizdhER4I3kP3

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4584	4944	WerFault.exe	85

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2732 wrote to memory of 4944	2732	rundll32.exe	85
PID 2732 wrote to memory of 4944	2732	rundll32.exe	85
PID 2732 wrote to memory of 4944	2732	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsUnzip.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2732
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsUnzip.dll,#1
  2⤵
  PID:4944
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4944 -s 612
    3⤵
    - Program crash
    PID:4584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4944 -ip 4944
1⤵
PID:1740