de0b3317103aa920db6f390603f5a9afeaad58edc081c333fbb8d5a462465f83

Resubmissions

31-05-2024 23:46

31-05-2024 23:43

max time kernel
93s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
31-05-2024 23:43

Target

AcesX.V.2/Module.dll
Size

5.4MB
MD5

a3f17a12dc9763de4335abb9019c1dc3
SHA1

0d7238a1a0a5237fc19b9a54fda3add73793ab2e
SHA256

47fbe4181082820cf7d3e2f10d8db4d4ff79bec7afdcf21e71d5c6614306eaa1
SHA512

e2a17887ccb448a9ce7a2c4ebfd10b4cf5d769b31f150007b03c7bcc4de420e44ac39a6b3473833e0d2d6cb892d4962d98d044207de14143d8b2edffbc8e6a41
SSDEEP

98304:bfleZWdDsTnfQI9Qf3Zqq/lgQ/6STibqZB:bigQ9Q2GciB

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1064	1008	WerFault.exe	84

Suspicious behavior: EnumeratesProcesses 6 IoCs

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4572 wrote to memory of 1008	4572	rundll32.exe	84
PID 4572 wrote to memory of 1008	4572	rundll32.exe	84
PID 4572 wrote to memory of 1008	4572	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\AcesX.V.2\Module.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4572
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\AcesX.V.2\Module.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1008
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1008 -s 676
    3⤵
    - Program crash
    PID:1064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1008 -ip 1008
1⤵
PID:3680

memory/1008-0-0x0000000001280000-0x0000000001281000-memory.dmp

Filesize
4KB

Download