6acce147ca1ccc0e4616d2c7fed73659ea02cd83ce11da71df99a1ad36234f57

Analysis

max time kernel
66s
max time network
68s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
24-05-2024 23:54

Target

$TEMP/downloader_easeus/2.0.0/2trial/aliyun/AliyunWrap.dll
Size

482KB
MD5

58968e221f2522d98dbfe7574d0c44aa
SHA1

424b55216f2c832202c01363e013546380f5312a
SHA256

265170e701ec453b13249e7a4e4f401b87fae79442cce77060213ebcd03828c0
SHA512

9bba6ffbec9b6d3de7b530b056098465a54b66494db7e7ca82e8c98802fb5a1cb500f5d505387f2a33fb9a42a533d5838b1125ef14afad11285410652c6f07b5
SSDEEP

12288:YaK0OuDBlYPIj/q9DQsEfExtrlp87pMaIPuboWMlyF0Ps:W9DeuBc/IPu8WMAF0Ps

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

3412 508 WerFault.exe rundll32.exe

pid	pid_target	process	target process
3412	508	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4880 wrote to memory of 508	4880	rundll32.exe	rundll32.exe
PID 4880 wrote to memory of 508	4880	rundll32.exe	rundll32.exe
PID 4880 wrote to memory of 508	4880	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\2.0.0\2trial\aliyun\AliyunWrap.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4880
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\2.0.0\2trial\aliyun\AliyunWrap.dll,#1
  2⤵
  PID:508
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 508 -s 660
    3⤵
    - Program crash
    PID:3412