406a9e03ab016d68a3aa919ac67397a83081f3ef478baf752d90545ec0fac6dc

Analysis

max time kernel
119s
max time network
126s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
11-06-2024 18:31

Target

$PLUGINSDIR/nsDialogs.dll
Size

9KB
MD5

ee449b0adce56fbfa433b0239f3f81be
SHA1

ec1e4f9815ea592a3f19b1fe473329b8ddfa201c
SHA256

c1cc3aa4326e83a73a778dee0cf9afcc03a6bafb0a32cea791a27eb9c2288985
SHA512

22fb25bc7628946213e6e970a865d3fbd50d12ce559c37d6848a82c28fa6be09fedffc3b87d5aea8dcfe8dfc4e0f129d9f02e32dae764b8e6a08332b42386686
SSDEEP

96:oCqZ4zC5RH3cXX1LlYlRowycxM2DjDf3GEst+Nt+jvDYx4iqndYHnxss:oCq+CP3uKrpyREs06Yx+dGn

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1900	1372	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1724 wrote to memory of 1372	1724	rundll32.exe	28
PID 1724 wrote to memory of 1372	1724	rundll32.exe	28
PID 1724 wrote to memory of 1372	1724	rundll32.exe	28
PID 1724 wrote to memory of 1372	1724	rundll32.exe	28
PID 1724 wrote to memory of 1372	1724	rundll32.exe	28
PID 1724 wrote to memory of 1372	1724	rundll32.exe	28
PID 1724 wrote to memory of 1372	1724	rundll32.exe	28
PID 1372 wrote to memory of 1900	1372	rundll32.exe	29
PID 1372 wrote to memory of 1900	1372	rundll32.exe	29
PID 1372 wrote to memory of 1900	1372	rundll32.exe	29
PID 1372 wrote to memory of 1900	1372	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsDialogs.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1724
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsDialogs.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1372
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1372 -s 244
    3⤵
    - Program crash
    PID:1900