Analysis
-
max time kernel
131s -
max time network
127s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
26-05-2024 11:42
General
-
Target
ActivationManager.dll
-
Size
572KB
-
MD5
37d2b3a6707982caa1f28d839acbc43a
-
SHA1
d33ed89b0f84b5bebc32f01f583895ce22e5d203
-
SHA256
7a3f0b4a49a620084d0bac15f10cf91f8abfcf1276381304903d7dd310e5e289
-
SHA512
07c980af02171b6338aa8e36b456200ee8fe38ff5713f8c6959ba72253e53017e2ca2cf4b976a4f17da5b79bef18c16da049d6ebe6d99a5711ce53bff84fd6f6
-
SSDEEP
12288:SBC+Ct7H+X6SKm0mB0Zyv8wOzjLcWkncwKGo3KAvpOKjBkQfqiO:SB3Ct7yx0FyvOzMcwjclpq
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\ActivationManager.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\ActivationManager.dll,#12⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 7163⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2952 -ip 29521⤵