46491a250060c435af8b396d8d43f00f24aa5fd8dac6106d4679c51bfbbcfa6f

Analysis

max time kernel
149s
max time network
160s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
26/05/2024, 10:24

Target

PowerISO v8.8 Portable/App/PowerISO/libvorbis.dll
Size

1.6MB
MD5

3d74a92b65f7a75a79719fbf6c158a00
SHA1

7b9f74d6f4c43daed0941c3279fbbe7e2db293ac
SHA256

cd51886c6b5e9dc3faf1b9f095717731c508382e32f22d221e03448755c487a8
SHA512

55ecab3c1f99dd9c53346331a9cfc0bb7204a0f34d6e41a1c520c582b218fe0b721c8ae2b9ba41c9c678c5d949847d9e8f7fe48b77646d27f9a6ff16b3ed347f
SSDEEP

3072:l8hsLKiQLE9te6RtZwYLjvu2TNs9fHvoiR1VcLm1lMR0IF:lLALeeajwYO2pmfP8LvR0g

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4104	4084	WerFault.exe	81

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4628 wrote to memory of 4084	4628	rundll32.exe	81
PID 4628 wrote to memory of 4084	4628	rundll32.exe	81
PID 4628 wrote to memory of 4084	4628	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\PowerISO v8.8 Portable\App\PowerISO\libvorbis.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4628
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\PowerISO v8.8 Portable\App\PowerISO\libvorbis.dll",#1
  2⤵
  PID:4084
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 448
    3⤵
    - Program crash
    PID:4104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4084 -ip 4084
1⤵
PID:1088