88feaa6acdfd75de35b39c26b4f772f9f136ec0b9db74a3c7f4045653bda463b

Analysis

max time kernel
155s
max time network
208s
platform
windows10-2004_x64
resource
win10v2004-20240704-es
resource tags

arch:x64arch:x86image:win10v2004-20240704-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
09/07/2024, 02:14

Target

ExitLag/Qt5Sql.dll
Size

159KB
MD5

d0150b6831412f72f15600910dd3b755
SHA1

72c7dc5445d364f3eeda6f6d9b5b762ad03d7655
SHA256

fda5ebb8e58d5ef60e418bb879d7cfb197695c76df8615e566aa7c6eaca2b999
SHA512

3d8915c7183f310c778f9d9c5093068198ef0127ae58c47a2aa3bb50bc38d6f95644a8604ca2bdd030fd96ceecb1eb92c06a2e26566765287a21f09fed11943e
SSDEEP

3072:+Bj+JafypuTXtPNrT5806Oy2RxHuZccccccccccwccGOvXV+dSLeY1gn9:+8uTXtPNrT5HygOZOvXV+dSLeEgn9

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
880	4440	WerFault.exe	83

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 8 wrote to memory of 4440	8	rundll32.exe	83
PID 8 wrote to memory of 4440	8	rundll32.exe	83
PID 8 wrote to memory of 4440	8	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ExitLag\Qt5Sql.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:8
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ExitLag\Qt5Sql.dll,#1
  2⤵
  PID:4440
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4440 -s 676
    3⤵
    - Program crash
    PID:880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 188 -p 4440 -ip 4440
1⤵
PID:856