d8081db54fc35b9c1521f717e6d9564b7dcfa4a6cbfa4d68bff274c4e7033ade

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
23/05/2024, 12:15

Target

GdiPlus.dll
Size

1.4MB
MD5

e6d08a468ac69cef9a05dcf6bbfd0a64
SHA1

c958efaec1436360541d59d78a656d8d52eb1898
SHA256

d8081db54fc35b9c1521f717e6d9564b7dcfa4a6cbfa4d68bff274c4e7033ade
SHA512

65ce62477b9d2fcc9926ce8fd6680120b017de8b08c48b9c7b13674942998916aa6e1fdd71c7db3d47a6ff329070fa8fca5f8086e08fb309ed420a03fecd7625
SSDEEP

24576:o0/NlUadxGUz38QWxqgF9gjTKonD0nMIxwLNRD60EUefhmx2l45f5H0UwMKGXRbj:o00Y38QNSMII2l45f5xwURbpcLzfJTTQ

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
5048	4292	WerFault.exe	84

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5104 wrote to memory of 4292	5104	rundll32.exe	84
PID 5104 wrote to memory of 4292	5104	rundll32.exe	84
PID 5104 wrote to memory of 4292	5104	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\GdiPlus.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5104
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\GdiPlus.dll,#1
  2⤵
  PID:4292
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4292 -s 604
    3⤵
    - Program crash
    PID:5048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4292 -ip 4292
1⤵
PID:1000