825f85ef185a362df060f3007addaa4a9e601626e2dca97af95a320285f4c4ee

Analysis

max time kernel
118s
max time network
124s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
14/05/2024, 18:58

Target

$PLUGINSDIR/rece.dll
Size

114KB
MD5

d2a73babcc0efc716b318b3fbe49dd72
SHA1

b89159ca245520e9c0328ef180763f6e556e272b
SHA256

f4c50a872527d8c501a1a381510569df60fca015379da2c124d1eb7978598e68
SHA512

6a8daebe1a87b58dc51ec3868d1975b878522ed395b0c7d3ea8ebe26653a1f01cc69a04dbc6b848fa8fd4231ebcb56650b6a497da8ae6cbdc5bf8c672ae0f51e
SSDEEP

1536:teNRZ+4fphRq9k1m6ZnDeRXlhtXcriSJKuNss4amz3b7mci4L+WHTyO:te9dZq9k9hYVki+8lz3/mci4RHTyO

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2952	1560	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1636 wrote to memory of 1560	1636	rundll32.exe	28
PID 1636 wrote to memory of 1560	1636	rundll32.exe	28
PID 1636 wrote to memory of 1560	1636	rundll32.exe	28
PID 1636 wrote to memory of 1560	1636	rundll32.exe	28
PID 1636 wrote to memory of 1560	1636	rundll32.exe	28
PID 1636 wrote to memory of 1560	1636	rundll32.exe	28
PID 1636 wrote to memory of 1560	1636	rundll32.exe	28
PID 1560 wrote to memory of 2952	1560	rundll32.exe	29
PID 1560 wrote to memory of 2952	1560	rundll32.exe	29
PID 1560 wrote to memory of 2952	1560	rundll32.exe	29
PID 1560 wrote to memory of 2952	1560	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\rece.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1636
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\rece.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1560
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 220
    3⤵
    - Program crash
    PID:2952