6908e3fd28d9dfe62442d36ea4e22a2edb187768a06ca94ccd7bf005a796c3b8

Analysis

max time kernel
93s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
09-07-2024 19:55

Target

$PLUGINSDIR/StartMenu.dll
Size

7KB
MD5

a4173b381625f9f12aadb4e1cdaefdb8
SHA1

cf1680c2bc970d5675adbf5e89292a97e6724713
SHA256

7755ff2707ca19344d489a5acec02d9e310425fa6e100d2f13025761676b875b
SHA512

fcac79d42862da6bdd3ecad9d887a975cdff2301a8322f321be58f754a26b27077b452faa4751bbd09cd3371b4afce65255fbbb443e2c93dd2cba0ba652f4a82
SSDEEP

96:2fiqP7bO2qHkAC40KhvSE+6nrxtMn0iGd88qRLqtJ1tbRhElfRx2:siqP7OHX1Q4xtcf8qo/ttgfRx2

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1844	4668	WerFault.exe	81

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4228 wrote to memory of 4668	4228	rundll32.exe	81
PID 4228 wrote to memory of 4668	4228	rundll32.exe	81
PID 4228 wrote to memory of 4668	4228	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StartMenu.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4228
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StartMenu.dll,#1
  2⤵
  PID:4668
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4668 -s 612
    3⤵
    - Program crash
    PID:1844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 4668 -ip 4668
1⤵
PID:5080