ba2a7de7fea0550a1ed3a5c419c5e878bdfe49286b190ac156b61dab0012087a

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
13/06/2024, 12:32

Target

Rpoxo BETA V-1.7/Proxo BETA V1.7/exploit-main.dll
Size

546KB
MD5

9f04155387e7a850561e206c48c54cfd
SHA1

d3788149c90f4489f02026451d8c8f807dbb6f4e
SHA256

eca3bdc638b9fd9304b401e3a4ef6b40c12c193fa3633d3d8bfc65a1d7d950e4
SHA512

4ce998ff1b7ac7bc9c249a29f04ad9074dfa81614ceb9d8e884cca45daf83cdb71f58f79d85e085b2ee6467556872a4370d9dafd9775909826d8d53d138e5b54
SSDEEP

12288:oTvHofRsMJ0qKNNlnJV5bYfD2y/tPe6ZLoQr42KQSO31i/Du6lRsEXot:V0/Nld0r1ZLog40usE8

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2920	2924	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2872 wrote to memory of 2924	2872	rundll32.exe	28
PID 2872 wrote to memory of 2924	2872	rundll32.exe	28
PID 2872 wrote to memory of 2924	2872	rundll32.exe	28
PID 2872 wrote to memory of 2924	2872	rundll32.exe	28
PID 2872 wrote to memory of 2924	2872	rundll32.exe	28
PID 2872 wrote to memory of 2924	2872	rundll32.exe	28
PID 2872 wrote to memory of 2924	2872	rundll32.exe	28
PID 2924 wrote to memory of 2920	2924	rundll32.exe	29
PID 2924 wrote to memory of 2920	2924	rundll32.exe	29
PID 2924 wrote to memory of 2920	2924	rundll32.exe	29
PID 2924 wrote to memory of 2920	2924	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Rpoxo BETA V-1.7\Proxo BETA V1.7\exploit-main.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2872
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Rpoxo BETA V-1.7\Proxo BETA V1.7\exploit-main.dll",#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2924
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 256
    3⤵
    - Program crash
    PID:2920