fe5b2a5f747972940bf4d6eb489c11f3c739bb443168c28b277c0130cc737d35

Analysis

max time kernel
142s
max time network
127s
platform
windows7_x64
resource
win7-20240319-en
resource tags

arch:x64arch:x86image:win7-20240319-enlocale:en-usos:windows7-x64system
submitted
11-04-2024 01:54

Target

$PLUGINSDIR/nsDialogs.dll
Size

11KB
MD5

79a0bde19e949a8d90df271ca6e79cd2
SHA1

946ad18a59c57a11356dd9841bec29903247bb98
SHA256

8353f495064aaf30b32b02f5d935c21f86758f5a99d8ee5e8bf8077b907fad90
SHA512

2a65a48f5dd453723146babca8d047e112ab023a589c57fcf5441962f2846a262c2ad25a2985dba4f2246cdc21d973cbf5e426d4b75dd49a083635400f908a3e
SSDEEP

192:rAki5P7AA9Xm2Y3KkdMG95Kt0qk+PdIgb9rdTiUdH7hs:Ekg7TNm2GdMG9ISx+P99rd+aH9

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1908	2332	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2328 wrote to memory of 2332	2328	rundll32.exe	28
PID 2328 wrote to memory of 2332	2328	rundll32.exe	28
PID 2328 wrote to memory of 2332	2328	rundll32.exe	28
PID 2328 wrote to memory of 2332	2328	rundll32.exe	28
PID 2328 wrote to memory of 2332	2328	rundll32.exe	28
PID 2328 wrote to memory of 2332	2328	rundll32.exe	28
PID 2328 wrote to memory of 2332	2328	rundll32.exe	28
PID 2332 wrote to memory of 1908	2332	rundll32.exe	29
PID 2332 wrote to memory of 1908	2332	rundll32.exe	29
PID 2332 wrote to memory of 1908	2332	rundll32.exe	29
PID 2332 wrote to memory of 1908	2332	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsDialogs.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2328
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsDialogs.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2332
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 248
    3⤵
    - Program crash
    PID:1908

memory/2332-0-0x000000006EB40000-0x000000006EB4A000-memory.dmp

Filesize
40KB

Download