b4f3b5d4db14198aa37f16e96e09c265d5e7ce323852c25d5eb7fe26ba382147

Analysis

max time kernel
153s
max time network
167s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
19/04/2024, 20:58

Target

dc crack/RAT/data/7zxa.dll
Size

155KB
MD5

786d4c74c05832a652be5c0a559be1e6
SHA1

56bc5cf0bef56565da871af9e10ac8c2302d2ad7
SHA256

d0680ac62e94f953df031533acd0acb718ad8494f938d84198c655507709e5df
SHA512

29cf07d3acceb716a2e9ec66434170ba7f15c5af3c843253d72be6f7bf1ab942a6e098a423beb33efb9fbf8bb6c967c34d4dedf65aca72984c6aa70c58e0eeb4
SSDEEP

3072:QwBYN3i204AHpzTjaLd4+OTpLcl28hpQplf4btKL6mCF:E3cp3jaLupLc3fclAKmJ

Score

3^/10

Program crash 2 IoCs

pid	pid_target	Process	procid_target
3148	3832	WerFault.exe	91
2608	3832	WerFault.exe	91

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 956 wrote to memory of 3832	956	rundll32.exe	91
PID 956 wrote to memory of 3832	956	rundll32.exe	91
PID 956 wrote to memory of 3832	956	rundll32.exe	91
PID 3832 wrote to memory of 3148	3832	rundll32.exe	97
PID 3832 wrote to memory of 3148	3832	rundll32.exe	97
PID 3832 wrote to memory of 3148	3832	rundll32.exe	97

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\dc crack\RAT\data\7zxa.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:956
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\dc crack\RAT\data\7zxa.dll",#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3832
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 600
    3⤵
    - Program crash
    PID:3148
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 600
    3⤵
    - Program crash
    PID:2608

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1416 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:8
1⤵
PID:4328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 3832 -ip 3832
1⤵
PID:1840