10914bccd80e9f3e92eb35be5830a92462fa01d8b820f3e55dab054e432a3f26

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11/05/2024, 23:34

Target

$PLUGINSDIR/mmj.dll
Size

107KB
MD5

00fef6fa1709a58f5b6de7f2e05bdadf
SHA1

08266cb5d4a93cb26503c43081bb803b7277c9bb
SHA256

2f826fee0b368544853eb8e17904535b172db34f475d2187b15a96c2aa273337
SHA512

4e8730bea893b7f69eb8e264186071fad1b1516e164c93b52206da589f95e920427c9ae7dd226df5efc7f8934de5b58be456e55af9d396932287cc0e95dc21be
SSDEEP

1536:BB90wgIuSssxcbmhHqTUxouw+nxLwWLoelSm4X+Mmb9hw9gJMffi:BB2Eu6Y2xtvx09GSm4uD9hmgJQK

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4252	2412	WerFault.exe	90

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 224 wrote to memory of 2412	224	rundll32.exe	90
PID 224 wrote to memory of 2412	224	rundll32.exe	90
PID 224 wrote to memory of 2412	224	rundll32.exe	90

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\mmj.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:224
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\mmj.dll,#1
  2⤵
  PID:2412
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 600
    3⤵
    - Program crash
    PID:4252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2412 -ip 2412
1⤵
PID:1512

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3932 --field-trial-handle=2304,i,6987730730348465820,3913273227385401271,262144 --variations-seed-version /prefetch:8
1⤵
PID:1900