744fd1c5e645134e969cffe71ba9ac7baefee1b2ce80cdf16b35db15d0d69514

Analysis

max time kernel
147s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25-06-2024 19:32

Target

我爱记牌器/VerInfo.dll
Size

40KB
MD5

7680193713b7fa431d1af797845abffb
SHA1

3fb860574642066440c0626d081f6017b6a1b9bc
SHA256

b599e7a25952e78f911869d692da693eaf7d67ccc20b0ed7b58ffaf38bc1d5c5
SHA512

20abe5f8add1cc3397eac3e3150494c5e261a6a3837bce1756dbe8471c871c1c3f3e7d47d80c70f231302087fe8df18014fd0e8dc6aae749068b11b0ef800c39
SSDEEP

384:g929/jZ+/nvcEXptCzXKTZR0bbAUREHDkLVqUKngmp4FjWDuPKbrZrvADwzfEWCn:uOuRtMdHAUREjkL4UKgmKirrYDwjB+N

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4808	5060	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 5060	2220	rundll32.exe	82
PID 2220 wrote to memory of 5060	2220	rundll32.exe	82
PID 2220 wrote to memory of 5060	2220	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\我爱记牌器\VerInfo.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2220
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\我爱记牌器\VerInfo.dll,#1
  2⤵
  PID:5060
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5060 -s 600
    3⤵
    - Program crash
    PID:4808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5060 -ip 5060
1⤵
PID:116