b1d86b3972a7837857ba7b023b062be8a0baa00398c92bebb8917df2566c82c1

Analysis

max time kernel
148s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
02/06/2024, 16:03

Target

MMORPGUPDTDNDIS Pass MMODEVBELIANO/Belianogames/bin/Release/system/WinDrv.dll
Size

616KB
MD5

a01ca9cbe89ce9ab665ba4d64cf15865
SHA1

9f65a3dbbb563f10271bcc5e313fb84309feaee3
SHA256

41e8872c53c7f36cf6abba398b0439845f923853059be145f5cfee8d781c7f58
SHA512

b655eadd1a0c726b737cb42ca96211dc7322ae653b2bbb32da60e8c0c580ab01f0a2573844ed9c2e8a0ac545433f32507a085255f7f28796b2a3a58221ac122f
SSDEEP

6144:63Hn0D/H/ZCmILfeeqnjahQYRxUkUcIE6hqw:63n0D+e7FMw

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2728	1216	WerFault.exe	82

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1216	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3388 wrote to memory of 1216	3388	rundll32.exe	82
PID 3388 wrote to memory of 1216	3388	rundll32.exe	82
PID 3388 wrote to memory of 1216	3388	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\MMORPGUPDTDNDIS Pass MMODEVBELIANO\Belianogames\bin\Release\system\WinDrv.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3388
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\MMORPGUPDTDNDIS Pass MMODEVBELIANO\Belianogames\bin\Release\system\WinDrv.dll",#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1216
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1216 -s 908
    3⤵
    - Program crash
    PID:2728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 1216 -ip 1216
1⤵
PID:2548

memory/1216-2-0x0000000002950000-0x000000000295F000-memory.dmp

Filesize
60KB

Download
memory/1216-0-0x0000000002910000-0x000000000294F000-memory.dmp

Filesize
252KB

Download
memory/1216-3-0x0000000004700000-0x000000000473B000-memory.dmp

Filesize
236KB

Download
memory/1216-5-0x0000000002910000-0x0000000004681000-memory.dmp

Filesize
29.4MB

Download
memory/1216-6-0x0000000004690000-0x0000000006401000-memory.dmp

Filesize
29.4MB

Download
memory/1216-7-0x0000000002960000-0x00000000046D1000-memory.dmp

Filesize
29.4MB

Download
memory/1216-8-0x0000000002910000-0x000000000294F000-memory.dmp

Filesize
252KB

Download