37d973a6b74b1919aab1518708fa91d14792b4218dc177d339c51e88d787535c

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
15/05/2024, 07:24

Target

$PLUGINSDIR/SetupHelper.dll
Size

1.4MB
MD5

e4df5c7f58d5e0ccbbe7a6e74fc449ad
SHA1

d0c92b3b78cd5fa61ce51b770565aeb488610c43
SHA256

af55cbbbd681182226c5e854470a05ea8ec6242a30d28c61ce9c20b968088db8
SHA512

5f7456f107df50809bd504e46cd4f5cc43764e683fb14dbcd03c1e6ab5ea5868c0279ed52c8aa5c1795e7928335b9ac07c31c228333dcd44dbb408f04ce2619d
SSDEEP

12288:9GoXS24JiBgSwIiO/qxP4gjICgR5IF5aDTD3rGIBhwjX5xkOC8hPePDeUGFwyhSu:9LCAliO1gqQNgPCUQSUTYoXJ6AT

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4124	1176	WerFault.exe	83

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4432 wrote to memory of 1176	4432	rundll32.exe	83
PID 4432 wrote to memory of 1176	4432	rundll32.exe	83
PID 4432 wrote to memory of 1176	4432	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SetupHelper.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4432
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SetupHelper.dll,#1
  2⤵
  PID:1176
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1176 -s 660
    3⤵
    - Program crash
    PID:4124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1176 -ip 1176
1⤵
PID:1160