b6138bd31f0930d6f489ac8ef0dad8333b30bcebc51c0940b19ab4cb3ffbab73

Analysis

max time kernel
51s
max time network
51s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
12-06-2024 04:33

Target

$PLUGINSDIR/inetc.dll
Size

434KB
MD5

210f551d877a262fa2b32fa23289ffda
SHA1

a527a7b94711146843e1dd78b61b1ba78dce2a26
SHA256

2fd047e73350f864d85b2bc128ec19cc30b7d47db656aad08aa7923155ab4f97
SHA512

ba9486f02b602e0208cca4f1ca64d3f2f601cbd239ebc8b11e5b80d55dc7eab0d0bfcb20444e505a2e3b4fd3ac5a0c9cb5e1b3753e4aa302c70770453ea798a6
SSDEEP

6144:Olat1rg5hb6fAEHWAxpEFrFQhi4oOkM4lpfO8BgKL8OxwFCLGZXj:o4g5hbg1WAxpEJFXFlF1gqxwFCL

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2816 2968 WerFault.exe rundll32.exe

pid	pid_target	process	target process
2816	2968	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4216 wrote to memory of 2968	4216	rundll32.exe	rundll32.exe
PID 4216 wrote to memory of 2968	4216	rundll32.exe	rundll32.exe
PID 4216 wrote to memory of 2968	4216	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\inetc.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4216

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\inetc.dll,#1
2⤵
PID:2968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 624
3⤵
- Program crash
PID:2816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2968 -ip 2968
1⤵
PID:1220

memory/2968-0-0x0000000075260000-0x0000000075302000-memory.dmp

Filesize
648KB

Download
memory/2968-1-0x0000000075260000-0x0000000075302000-memory.dmp

Filesize
648KB

Download