19ffd1a91a314949cc063044b209a652278778785c12db5b27d37a7c4bf14961

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
19/04/2024, 09:13

Target

Skill Hack WarRock-Hacker.de[9.Juni.2009].dll
Size

212KB
MD5

1ff1585682319d720f0dd3f3b3d6f0b2
SHA1

2ec7f71e3258f35f59599a7f3dc18e3013a79b83
SHA256

305fe513dec9e9b744112d217b4172d6aabd4695316b55deac27023605442f8a
SHA512

1dfeec25b085ff430c1cbb2ff5dd4953ddc12a92811ed30146732c4810ef617182d598c0422e165d4c83b365a47de74f2aec8862741203a7e0ada32f99ddd76d
SSDEEP

1536:lHfDU5U8pl8gMsAoTMSRXljNAauuSpQ44qOUFC5w3gDVlpFinT1mnkN+8toPzM:5A5U83v8vSRXljNAa+nTIa+8toI

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1232	4788	WerFault.exe	84

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4356 wrote to memory of 4788	4356	rundll32.exe	84
PID 4356 wrote to memory of 4788	4356	rundll32.exe	84
PID 4356 wrote to memory of 4788	4356	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Skill Hack WarRock-Hacker.de[9.Juni.2009].dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4356
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Skill Hack WarRock-Hacker.de[9.Juni.2009].dll",#1
  2⤵
  PID:4788
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4788 -s 616
    3⤵
    - Program crash
    PID:1232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 4788 -ip 4788
1⤵
PID:4668