40d4bc677804c8b7cbd4f13942682658546aee56746fecbd59e5eeef7da46c5f

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
04-07-2024 01:14

Target

$PLUGINSDIR/InstallOptions.dll
Size

14KB
MD5

5ae04445948261c85670059119df3dad
SHA1

f13313f7f3e465ea0bfb1190073bee4c5d10e56a
SHA256

5b604ab18f9b758c8d63faf682ca24789edce2cc8eec11d66dbc4adc5a50d5de
SHA512

e2e011dae67dc12088f2b92d048c6b5668027f82982a7191a12f3d875830e9b205f8dd49fc6ffb3ee452f0db4bb92d9497bdffdd324068923efcd038de81a3ab
SSDEEP

192:HhzELJEVgDGUzG0U1YeyPdSA9QYm2f+ypnEz+OsweLo7CnfXkCjKSsHt2:Hhz88US0J1PdSqjmUuzLswV7CfUClk

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1300	852	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2068 wrote to memory of 852	2068	rundll32.exe	28
PID 2068 wrote to memory of 852	2068	rundll32.exe	28
PID 2068 wrote to memory of 852	2068	rundll32.exe	28
PID 2068 wrote to memory of 852	2068	rundll32.exe	28
PID 2068 wrote to memory of 852	2068	rundll32.exe	28
PID 2068 wrote to memory of 852	2068	rundll32.exe	28
PID 2068 wrote to memory of 852	2068	rundll32.exe	28
PID 852 wrote to memory of 1300	852	rundll32.exe	29
PID 852 wrote to memory of 1300	852	rundll32.exe	29
PID 852 wrote to memory of 1300	852	rundll32.exe	29
PID 852 wrote to memory of 1300	852	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\InstallOptions.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2068
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\InstallOptions.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:852
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 244
    3⤵
    - Program crash
    PID:1300