e80cd34b19512bd5dd8ca13bc15ccca22d48508388793327fa98be4a1d04faad

Analysis

max time kernel
71s
max time network
76s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
08-07-2024 21:57

Target

Perm Unban/GRINX64v2/UCOREDLL.dll
Size

112KB
MD5

8370f3114924ed6c53741de7a253625a
SHA1

f7782d51e73526226a89229b4f3625c7ce43f3b3
SHA256

78a4d8e5e8c33793e5a2020325d3a49e92e4826167742e93179bdacbf167b409
SHA512

5a13c0fb787366869fac57139fa2ebbd0c34a1bfa76c05ac879da60e534cbac694385f2b6120fdb6c7cf0e62cf4948efbdfde96e695a9d377f44eedb2e1b1398
SSDEEP

1536:g+FKwswB29BLymvRwRvSpD0pQD61ShZT1Cw4cf0SbtsWFoYc0RkU:g8Vk9ymvyNMO4QqGeyqoLGL

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1388	2660	WerFault.exe	84

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4504 wrote to memory of 2660	4504	rundll32.exe	84
PID 4504 wrote to memory of 2660	4504	rundll32.exe	84
PID 4504 wrote to memory of 2660	4504	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Perm Unban\GRINX64v2\UCOREDLL.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4504
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Perm Unban\GRINX64v2\UCOREDLL.dll",#1
  2⤵
  PID:2660
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 620
    3⤵
    - Program crash
    PID:1388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2660 -ip 2660
1⤵
PID:4512