Analysis Overview
SHA256
914401789c623bbfc608ce1574838a7e3e39fbbbe24c34c15483f67200942c9b
Threat Level: Likely benign
The file SuperNano2000-ENG.iso was found to be: Likely benign.
Malicious Activity Summary
Program crash
Unsigned PE
Suspicious use of WriteProcessMemory
Runs regedit.exe
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-13 20:39
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral6
Detonation Overview
Submitted
2024-06-13 20:39
Reported
2024-06-13 21:20
Platform
win7-20240611-en
Max time kernel
1563s
Max time network
1564s
Command Line
Signatures
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2264 wrote to memory of 1244 | N/A | C:\Windows\system32\regsvr32.exe | C:\Windows\SysWOW64\regsvr32.exe |
Processes
C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\I386\DSSBASE.dll
C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\I386\DSSBASE.dll
Network
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 20:39
Reported
2024-06-13 20:40
Platform
win7-20240508-en
Max time kernel
0s
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-06-13 20:39
Reported
2024-06-13 21:17
Platform
win7-20240611-en
Max time kernel
1561s
Max time network
1563s
Command Line
Signatures
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2852 wrote to memory of 2868 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\I386\DBGHELP.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\I386\DBGHELP.dll,#1
Network
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-06-13 20:39
Reported
2024-06-13 21:25
Platform
win7-20240220-en
Max time kernel
1565s
Max time network
1567s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\I386\EXPAND.exe
"C:\Users\Admin\AppData\Local\Temp\I386\EXPAND.exe"
Network
Files
Analysis: behavioral22
Detonation Overview
Submitted
2024-06-13 20:39
Reported
2024-06-13 21:32
Platform
win7-20240221-en
Max time kernel
1558s
Max time network
1561s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\I386\SPCMDCON.sys
C:\Users\Admin\AppData\Local\Temp\I386\SPCMDCON.sys
C:\Users\Admin\AppData\Local\Temp\I386\SPCMDCON.sys
Network
Files
memory/2096-0-0x0000000000010000-0x000000000003D980-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 20:39
Reported
2024-06-13 20:40
Platform
win7-20240508-en
Max time kernel
0s
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-13 20:39
Reported
2024-06-13 21:10
Platform
win7-20240508-en
Max time kernel
1565s
Max time network
1567s
Command Line
Signatures
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1928 wrote to memory of 2236 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\I386\CABINET.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\I386\CABINET.dll,#1
Network
Files
Analysis: behavioral11
Detonation Overview
Submitted
2024-06-13 20:39
Reported
2024-06-13 21:28
Platform
win7-20240611-en
Max time kernel
1561s
Max time network
1562s
Command Line
Signatures
Processes
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\I386\IPINFO.vbs"
Network
Files
Analysis: behavioral18
Detonation Overview
Submitted
2024-06-13 20:39
Reported
2024-06-13 21:31
Platform
win7-20240508-en
Max time kernel
1561s
Max time network
1563s
Command Line
Signatures
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1616 wrote to memory of 2308 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\I386\PIDGEN.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\I386\PIDGEN.dll,#1
Network
Files
memory/2308-0-0x0000000000180000-0x0000000000194000-memory.dmp
Analysis: behavioral9
Detonation Overview
Submitted
2024-06-13 20:39
Reported
2024-06-13 21:26
Platform
win7-20240221-en
Max time kernel
1565s
Max time network
1566s
Command Line
Signatures
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2292 wrote to memory of 2044 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\I386\HPMON.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\I386\HPMON.dll,#1
Network
Files
Analysis: behavioral20
Detonation Overview
Submitted
2024-06-13 20:39
Reported
2024-06-13 21:31
Platform
win7-20231129-en
Max time kernel
1561s
Max time network
1564s
Command Line
Signatures
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2004 wrote to memory of 2092 | N/A | C:\Windows\system32\regsvr32.exe | C:\Windows\SysWOW64\regsvr32.exe |
Processes
C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\I386\RSABASE.dll
C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\I386\RSABASE.dll
Network
Files
Analysis: behavioral23
Detonation Overview
Submitted
2024-06-13 20:39
Reported
2024-06-13 21:32
Platform
win7-20240611-en
Max time kernel
1560s
Max time network
1562s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\I386\SYSTEM32\NTDLL.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\I386\SYSTEM32\NTDLL.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 224
Network
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-06-13 20:39
Reported
2024-06-13 21:17
Platform
win7-20240508-en
Max time kernel
1560s
Max time network
1562s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\I386\CHKUPGRD.bat"
Network
Files
Analysis: behavioral17
Detonation Overview
Submitted
2024-06-13 20:39
Reported
2024-06-13 21:31
Platform
win7-20240221-en
Max time kernel
1558s
Max time network
1561s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\I386\NTFS40.sys
C:\Users\Admin\AppData\Local\Temp\I386\NTFS40.sys
C:\Users\Admin\AppData\Local\Temp\I386\NTFS40.sys
Network
Files
memory/2944-0-0x0000000000010000-0x00000000000685E0-memory.dmp
Analysis: behavioral24
Detonation Overview
Submitted
2024-06-13 20:39
Reported
2024-06-13 21:32
Platform
win7-20240419-en
Max time kernel
1563s
Max time network
1565s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\I386\UNIPROC\NTDLL.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\I386\UNIPROC\NTDLL.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 224
Network
Files
Analysis: behavioral19
Detonation Overview
Submitted
2024-06-13 20:39
Reported
2024-06-13 21:31
Platform
win7-20231129-en
Max time kernel
1559s
Max time network
1561s
Command Line
Signatures
Runs regedit.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\I386\REGEDIT.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\I386\REGEDIT.exe
"C:\Users\Admin\AppData\Local\Temp\I386\REGEDIT.exe"
Network
Files
Analysis: behavioral10
Detonation Overview
Submitted
2024-06-13 20:39
Reported
2024-06-13 21:28
Platform
win7-20240508-en
Max time kernel
1560s
Max time network
1562s
Command Line
Signatures
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1088 wrote to memory of 1144 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\I386\IMAGEHLP.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\I386\IMAGEHLP.dll,#1
Network
Files
Analysis: behavioral12
Detonation Overview
Submitted
2024-06-13 20:39
Reported
2024-06-13 21:29
Platform
win7-20240508-en
Max time kernel
1563s
Max time network
1565s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\I386\KBDUS.dll,#1
Network
Files
Analysis: behavioral13
Detonation Overview
Submitted
2024-06-13 20:39
Reported
2024-06-13 21:30
Platform
win7-20240611-en
Max time kernel
1563s
Max time network
1571s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\I386\MSVCP50.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\I386\MSVCP50.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1892 -s 228
Network
Files
Analysis: behavioral15
Detonation Overview
Submitted
2024-06-13 20:39
Reported
2024-06-13 21:01
Platform
win7-20240508-en
Max time kernel
0s
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral21
Detonation Overview
Submitted
2024-06-13 20:39
Reported
2024-06-13 21:32
Platform
win7-20240508-en
Max time kernel
1563s
Max time network
1565s
Command Line
Signatures
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1632 wrote to memory of 2404 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\I386\SCHANNEL.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\I386\SCHANNEL.dll,#1
Network
Files
Analysis: behavioral8
Detonation Overview
Submitted
2024-06-13 20:39
Reported
2024-06-13 21:26
Platform
win7-20240419-en
Max time kernel
1562s
Max time network
1564s
Command Line
Signatures
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3028 wrote to memory of 1828 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\I386\HALBORG.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\I386\HALBORG.dll,#1
Network
Files
memory/1828-0-0x0000000000120000-0x0000000000145000-memory.dmp
memory/1828-1-0x0000000000120000-0x0000000000145000-memory.dmp
memory/1828-3-0x0000000040960000-0x0000000040971000-memory.dmp
memory/1828-2-0x0000000000130000-0x0000000000155000-memory.dmp
memory/1828-4-0x0000000000130000-0x0000000000132000-memory.dmp
Analysis: behavioral14
Detonation Overview
Submitted
2024-06-13 20:39
Reported
2024-06-13 21:31
Platform
win7-20240221-en
Max time kernel
1563s
Max time network
1565s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\I386\MSVCRT.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\I386\MSVCRT.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 224
Network
Files
Analysis: behavioral16
Detonation Overview
Submitted
2024-06-13 20:39
Reported
2024-06-13 21:31
Platform
win7-20240419-en
Max time kernel
1565s
Max time network
1567s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\I386\NTDLL.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\I386\NTDLL.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 224