217952223a1325f32e1e0a6dcc592fcc4cd3deec77ac26db440a35d9ab091848

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08/05/2024, 02:20

Target

$PLUGINSDIR/system.dll
Size

1.9MB
MD5

e39726530c308f80f100b60c690d5628
SHA1

a9ae282081ffaaac29a33f4ee24d2e3f1200c102
SHA256

a60bf8267f8caa62776141a16da7cefdcb767dd2f7ce15587bb5af7170f053f5
SHA512

4d22e48903024075c064a78dfc1c5f0ac76c6a61e32e1e22f07ea6d1b51cae7d84c9c7e72c88d57fe8d883995d9eff1eb5c41c9bfa7feac638f5c5df43228cc4
SSDEEP

49152:KQ5KUpZoYl43ExebD8qgxhHfKjFWRzGm09mI5wuNfpo5kVPCN6w8Txp/0QH4bpoa:pKJYl4Mefgxh/wFWRzGm09mI5wuNfpoM

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
500	2184	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2352 wrote to memory of 2184	2352	rundll32.exe	28
PID 2352 wrote to memory of 2184	2352	rundll32.exe	28
PID 2352 wrote to memory of 2184	2352	rundll32.exe	28
PID 2352 wrote to memory of 2184	2352	rundll32.exe	28
PID 2352 wrote to memory of 2184	2352	rundll32.exe	28
PID 2352 wrote to memory of 2184	2352	rundll32.exe	28
PID 2352 wrote to memory of 2184	2352	rundll32.exe	28
PID 2184 wrote to memory of 500	2184	rundll32.exe	29
PID 2184 wrote to memory of 500	2184	rundll32.exe	29
PID 2184 wrote to memory of 500	2184	rundll32.exe	29
PID 2184 wrote to memory of 500	2184	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\system.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2352
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\system.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2184
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 248
    3⤵
    - Program crash
    PID:500