21788eb040531132a70e80b3f6bf0f141fce91e003a466255142819a882d298d

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
29/05/2024, 20:03

Target

$PLUGINSDIR/Info.dll
Size

684KB
MD5

3aacd798bbeb527dc546b6d6fdff7fef
SHA1

8ef0976dfb3eee1e9fdf7aad81170e195b2eb822
SHA256

13e7666c84824d5dea12e65239ed21b16c933764ce8f5fe66c39a7b26488a6dc
SHA512

e91a4d5b7bed8797e393c75f6f2d02e05fe39faf286353106082e9bfb0dade592eaec3f322662faff04b343f2490b1cc0b006bc6711a5448c42578732d9ec85f
SSDEEP

12288:+xqrGlLpSOg1ZLYssSxwm6/jx7cg4D95l1ALuLYVppSCNtWueY4H4o9:+xq6lLp4wLjNcg4D3ki6ppSCDWuyH4o9

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3448	3544	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1604 wrote to memory of 3544	1604	rundll32.exe	82
PID 1604 wrote to memory of 3544	1604	rundll32.exe	82
PID 1604 wrote to memory of 3544	1604	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\Info.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1604
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\Info.dll,#1
  2⤵
  PID:3544
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 640
    3⤵
    - Program crash
    PID:3448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3544 -ip 3544
1⤵
PID:2420