905459880fe7a096ffa80e60f9a51a7c573e01e258b0e10e8589cf6db85ac466

Analysis

max time kernel
140s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 01:59

Target

WeChat Lite 2.6.2/message.dll
Size

740KB
MD5

4339fa3d77075d1fd7584a59c48b5efc
SHA1

34e05f32ad1f84f5438812177b8aa07b109d7eec
SHA256

5781fc2d930e7043379bcea99d87d1ad163d0f49708c9839e0919f05d8d88529
SHA512

9004712ef73ec7fcb9721973d46c42fddaa8fec9b41696f795c01ed46bbd4b3635bde568eede5e9282cc4464f3638665347ac71fa17086ec0c3e07e5283ebb8b
SSDEEP

6144:S1n4HBaynv7pTG07uE0+oCLG30vOr4aAEu1k6cQiICsaRhoClYTckNCtjzPm+rAf:S14akjpTG0CE/jOQS6td1CYlC1YX

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

4140 3668 WerFault.exe rundll32.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

rundll32.exe

pid process

3668 rundll32.exe

pid	pid_target	process	target process
4140	3668	WerFault.exe	rundll32.exe

pid	process
3668	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3424 wrote to memory of 3668	3424	rundll32.exe	rundll32.exe
PID 3424 wrote to memory of 3668	3424	rundll32.exe	rundll32.exe
PID 3424 wrote to memory of 3668	3424	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\WeChat Lite 2.6.2\message.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3424

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\WeChat Lite 2.6.2\message.dll",#1
2⤵
- Suspicious use of SetWindowsHookEx
PID:3668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 692
3⤵
- Program crash
PID:4140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 3668 -ip 3668
1⤵
PID:4328