8b56d75369b933d12b1468863c0fd035a36e0781c928683d2e315cd05fbc05b2

Analysis

max time kernel
149s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
04/06/2024, 12:18

Target

Release/Resources/UAC.dll
Size

106KB
MD5

acfc38a006933ac2d7c84d71b117d37e
SHA1

8a7630cb0c760c0c70e6bb75afd8d05d4fa40840
SHA256

cd394322e3b8948786845519064e1b476caabb4f856e884083c7447be9c34cd5
SHA512

11633900577d3af785191ab3cc362dda22c1eac8ff6507a10df7ae8ce7ef699f48c2c15cf841e2ba259ec63d53a01a8355e9ce830029162ee658e525bce2caee
SSDEEP

3072:KXoXvMozBkYzYCqljFqr9RPmockPxiTUUCVXZ:w+rNkKYCkjF+VXZ

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4392	1208	WerFault.exe	82

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3124 wrote to memory of 1208	3124	rundll32.exe	82
PID 3124 wrote to memory of 1208	3124	rundll32.exe	82
PID 3124 wrote to memory of 1208	3124	rundll32.exe	82
PID 1208 wrote to memory of 3836	1208	rundll32.exe	83
PID 1208 wrote to memory of 3836	1208	rundll32.exe	83
PID 1208 wrote to memory of 3836	1208	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Release\Resources\UAC.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3124
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\Release\Resources\UAC.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1208
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe /C "%phantombp%"
    3⤵
    PID:3836
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1208 -s 608
    3⤵
    - Program crash
    PID:4392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 1208 -ip 1208
1⤵
PID:4452