51eb749d6cbd08baf9d43c2f83abd9d4d86eb5206f62ba43b768251a98ce9d3e

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
14-05-2024 04:59

Target

51eb749d6cbd08baf9d43c2f83abd9d4d86eb5206f62ba43b768251a98ce9d3e.dll
Size

839KB
MD5

e83d6092439a90af2b4b1db2ad3a9c5a
SHA1

4da6fef533b37a12ed1e357df66802de29c1ab5c
SHA256

51eb749d6cbd08baf9d43c2f83abd9d4d86eb5206f62ba43b768251a98ce9d3e
SHA512

0d695785c00fa1dfa2c1825b8f8de757daae9336a674e8e723586cbe105832fbaba1c886a6554073baab725bfa9ad47042ec95a43ba94b76788dd9f8198dddd4
SSDEEP

24576:zvA0H/qL9fu4c8JZHSE6biXLemW34Mi+4LKH:UHL9fu4hSLbiXLer4MD4WH

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2756 1084 WerFault.exe rundll32.exe

pid	pid_target	process	target process
2756	1084	WerFault.exe	rundll32.exe

Modifies registry class 3 IoCs

Processes:

rundll32.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.agnkdbd5y\DefaultIcon	rundll32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.agnkdbd5y	rundll32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.agnkdbd5y\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fkdjsadasd.ico"	rundll32.exe

Suspicious use of WriteProcessMemory 11 IoCs

Processes:

rundll32.exerundll32.exe

description	pid	process	target process
PID 1672 wrote to memory of 1084	1672	rundll32.exe	rundll32.exe
PID 1672 wrote to memory of 1084	1672	rundll32.exe	rundll32.exe
PID 1672 wrote to memory of 1084	1672	rundll32.exe	rundll32.exe
PID 1672 wrote to memory of 1084	1672	rundll32.exe	rundll32.exe
PID 1672 wrote to memory of 1084	1672	rundll32.exe	rundll32.exe
PID 1672 wrote to memory of 1084	1672	rundll32.exe	rundll32.exe
PID 1672 wrote to memory of 1084	1672	rundll32.exe	rundll32.exe
PID 1084 wrote to memory of 2756	1084	rundll32.exe	WerFault.exe
PID 1084 wrote to memory of 2756	1084	rundll32.exe	WerFault.exe
PID 1084 wrote to memory of 2756	1084	rundll32.exe	WerFault.exe
PID 1084 wrote to memory of 2756	1084	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\51eb749d6cbd08baf9d43c2f83abd9d4d86eb5206f62ba43b768251a98ce9d3e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1672
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\51eb749d6cbd08baf9d43c2f83abd9d4d86eb5206f62ba43b768251a98ce9d3e.dll,#1
  2⤵
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:1084
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1084 -s 372
    3⤵
    - Program crash
    PID:2756