b8feebcc2b19f24b6f46724ffd4cb29a55c57e9b1793937bda4656b27192006b

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24/05/2024, 16:10

Target

ForumDown_gpxz/ForumDown/JavaSoho.dll
Size

1.3MB
MD5

309d2ae5db665c0560c119bef18aff4c
SHA1

3fe38e0e5a72b4dcffeab9d6c0a6cc30c13a17d6
SHA256

3de88d5eabbaba2b628244e23713db6a01ed7adcc30a44f26bac3292186db2ee
SHA512

dd869765fa7b80422455b570a326f9150fe44bb82788398c6c5e116a23a9d7899e8e065173eef28ca6b5e83939c41e93aff3a1b743b692724d5be5ccf4d36135
SSDEEP

12288:wWxpGgyr1RGTwjnCVXPJoD1WQDv0BroRWVdh4/Nzc6MxVJEaZ/mVBGoXFHhZiyup:vAruTGnQJosVkWVdhz6eEGJN5

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2052	1728	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1252 wrote to memory of 1728	1252	rundll32.exe	28
PID 1252 wrote to memory of 1728	1252	rundll32.exe	28
PID 1252 wrote to memory of 1728	1252	rundll32.exe	28
PID 1252 wrote to memory of 1728	1252	rundll32.exe	28
PID 1252 wrote to memory of 1728	1252	rundll32.exe	28
PID 1252 wrote to memory of 1728	1252	rundll32.exe	28
PID 1252 wrote to memory of 1728	1252	rundll32.exe	28
PID 1728 wrote to memory of 2052	1728	rundll32.exe	29
PID 1728 wrote to memory of 2052	1728	rundll32.exe	29
PID 1728 wrote to memory of 2052	1728	rundll32.exe	29
PID 1728 wrote to memory of 2052	1728	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ForumDown_gpxz\ForumDown\JavaSoho.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1252
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ForumDown_gpxz\ForumDown\JavaSoho.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1728
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 248
    3⤵
    - Program crash
    PID:2052