fa33a79cef198b9720dcd8c28a345e5532a6bc8c9b79db6640a2a5f6ad56ef82

Analysis

max time kernel
611s
max time network
1608s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
16/05/2024, 09:59

Target

Bindu Software/Colorlab/haspvb32.dll
Size

324KB
MD5

76f0d4e68413d64f20b6a203018fe948
SHA1

4e5b02030d2363f88b7ab389d33f5896c65d9dd0
SHA256

7ef2648aae5b13c28173c0301afaeab762f6c2271946b48ac388b9cfc137d076
SHA512

50a785f6fd4f8605cb04e2ecb8dc2344f6ce14e5cf01d570b1e687e02c00ed996469a73408ca05aebe16f28b746145d5295919ee24114cd873eb404021e682f5
SSDEEP

6144:tbdmy6ia0PnHufNBPSFtcKlbJmf7B5P9bNh7yhgdBOS:1gy6iaUeaRlOFJhYgdBO

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4728	3684	WerFault.exe	75

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2256 wrote to memory of 3684	2256	rundll32.exe	75
PID 2256 wrote to memory of 3684	2256	rundll32.exe	75
PID 2256 wrote to memory of 3684	2256	rundll32.exe	75

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Bindu Software\Colorlab\haspvb32.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2256
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Bindu Software\Colorlab\haspvb32.dll",#1
  2⤵
  PID:3684
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 616
    3⤵
    - Program crash
    PID:4728