2fc56fb072f48559d7fdce59399d768d8f9d9d809a10a96c6f0d1e38a12b7d3d

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
24-06-2024 23:13

Target

Warrior's Skill Mixed By Deeyoung/DevComponents.DotNetBar1.dll
Size

501KB
MD5

ab46c081fc8f250fad5553543d3ceefd
SHA1

cfb7ced1a050f778fc922cf660ab9e7a5c15c9de
SHA256

3f34a35387ade40429b80539a762fba5363e04c4e3a0b4c56eff22ddc5cf283c
SHA512

e7014f5d12b9cd7a5b6757328489a4022e527c3d5d4ec3619879034bf890464c8cab1f9b55729e72ac84547c3fe7ca124c083d9ae6a7b5925377f5652c71c1f7
SSDEEP

12288:mVTHcCDSEdqBVD24s1mHQPjS5qzA8La4:mVDnSEQqm59

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4388	2796	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3080 wrote to memory of 2796	3080	rundll32.exe	82
PID 3080 wrote to memory of 2796	3080	rundll32.exe	82
PID 3080 wrote to memory of 2796	3080	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Warrior's Skill Mixed By Deeyoung\DevComponents.DotNetBar1.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3080
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Warrior's Skill Mixed By Deeyoung\DevComponents.DotNetBar1.dll",#1
  2⤵
  PID:2796
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 784
    3⤵
    - Program crash
    PID:4388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 2796 -ip 2796
1⤵
PID:4804

memory/2796-0-0x0000000010000000-0x00000000100B2000-memory.dmp

Filesize
712KB

Download