deaffb8fb87d9d091a13d42e34b17e2ccebb4bdb857e42624b58f8eb54cc34f6

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
04/05/2024, 20:49

Target

$PLUGINSDIR/bpcnrtp.dll
Size

166KB
MD5

250221a999b372a3d7318c388ad51fe2
SHA1

8fd2692d924b777e0146cfe4a57cfc03d07756f8
SHA256

433cd8268b8f94eb0393af2ab219ccc6b4cfe902d70e17a4d8d123582c156db2
SHA512

b38c368581231242f657c27394d28ddff12f347a81858228da23c19f797684a8d28fe3e0d0c0e853b3c6d719761974a309034db1db07451426b501d027edf3d9
SSDEEP

3072:GE3gR610d7qaSJ/mGvTVs9M4dC+LoU9+S/9s4aV8:r3gR6idfr2TEdC+Ld9Mm

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2288	2320	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2188 wrote to memory of 2320	2188	rundll32.exe	28
PID 2188 wrote to memory of 2320	2188	rundll32.exe	28
PID 2188 wrote to memory of 2320	2188	rundll32.exe	28
PID 2188 wrote to memory of 2320	2188	rundll32.exe	28
PID 2188 wrote to memory of 2320	2188	rundll32.exe	28
PID 2188 wrote to memory of 2320	2188	rundll32.exe	28
PID 2188 wrote to memory of 2320	2188	rundll32.exe	28
PID 2320 wrote to memory of 2288	2320	rundll32.exe	29
PID 2320 wrote to memory of 2288	2320	rundll32.exe	29
PID 2320 wrote to memory of 2288	2320	rundll32.exe	29
PID 2320 wrote to memory of 2288	2320	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\bpcnrtp.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2188
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\bpcnrtp.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2320
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 220
    3⤵
    - Program crash
    PID:2288