f57db99dc4f275e80dfbec38e0e02bc0e1203077692ef23205ee435bd94cf5e2

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 19:21

Target

$PLUGINSDIR/nsDialogs.dll
Size

9KB
MD5

d9256d9acaecabb20b7e9a1595abfa36
SHA1

ece1cab181dac7729246da1d4494b8daa10c3b70
SHA256

d7b2c55977a541f8d075e48d4e0a82eec79ad247b0ed168c19a8518131acd19c
SHA512

5827cdbfde0e766d1b74ecb22f9614232031da41c21d0f6ff6c9d5dcdfc0adc23e8fd616eb020ab42208932444b5e0cb1e6d6e698bead412eae19624a180b6ff
SSDEEP

96:oHqZ4zC5RH3cXX1LlYlRowycxM2DjDf3GEst+Nt+jvDYx4DPqndYHnxss:oHq+CP3uKrpyREs06YxuidGn

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2812 2076 WerFault.exe rundll32.exe

pid	pid_target	process	target process
2812	2076	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 11 IoCs

Processes:

rundll32.exerundll32.exe

description	pid	process	target process
PID 2192 wrote to memory of 2076	2192	rundll32.exe	rundll32.exe
PID 2192 wrote to memory of 2076	2192	rundll32.exe	rundll32.exe
PID 2192 wrote to memory of 2076	2192	rundll32.exe	rundll32.exe
PID 2192 wrote to memory of 2076	2192	rundll32.exe	rundll32.exe
PID 2192 wrote to memory of 2076	2192	rundll32.exe	rundll32.exe
PID 2192 wrote to memory of 2076	2192	rundll32.exe	rundll32.exe
PID 2192 wrote to memory of 2076	2192	rundll32.exe	rundll32.exe
PID 2076 wrote to memory of 2812	2076	rundll32.exe	WerFault.exe
PID 2076 wrote to memory of 2812	2076	rundll32.exe	WerFault.exe
PID 2076 wrote to memory of 2812	2076	rundll32.exe	WerFault.exe
PID 2076 wrote to memory of 2812	2076	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsDialogs.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2192
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsDialogs.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2076
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 244
    3⤵
    - Program crash
    PID:2812