94bafd8f48d59d13951e59a5d657c71a3f4f922a7d51f6d4af6db1de48109754

Analysis

max time kernel
140s
max time network
131s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
10/07/2024, 16:09

Target

$PLUGINSDIR/NSISdl.dll
Size

79KB
MD5

f7902c17e252d1200eabb3416da5799c
SHA1

348740ffdaf35870c307e0bca270b511c3dd6b6f
SHA256

3f68a157046e58f9f04d1361ef8bbac46435f242f0a3d9196917466061a54465
SHA512

26a5b86d292bac87f1baf7d79482d21ba9da731a795f70c40446ac52f6cde0a0a103ce94b87866fff868bf3bc1fe55e5f9ba95682ef025faa44901c1d8122cfb
SSDEEP

1536:WEvXaE4RRX5V1QGJkcQ5qm0NRUgn7OKg:uE4Rp5UEeyUgn7OKg

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2660	112	WerFault.exe	30

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1152 wrote to memory of 112	1152	rundll32.exe	30
PID 1152 wrote to memory of 112	1152	rundll32.exe	30
PID 1152 wrote to memory of 112	1152	rundll32.exe	30
PID 1152 wrote to memory of 112	1152	rundll32.exe	30
PID 1152 wrote to memory of 112	1152	rundll32.exe	30
PID 1152 wrote to memory of 112	1152	rundll32.exe	30
PID 1152 wrote to memory of 112	1152	rundll32.exe	30
PID 112 wrote to memory of 2660	112	rundll32.exe	31
PID 112 wrote to memory of 2660	112	rundll32.exe	31
PID 112 wrote to memory of 2660	112	rundll32.exe	31
PID 112 wrote to memory of 2660	112	rundll32.exe	31

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\NSISdl.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1152
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\NSISdl.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:112
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 112 -s 224
    3⤵
    - Program crash
    PID:2660

memory/112-0-0x0000000070C00000-0x0000000070C1E000-memory.dmp

Filesize
120KB

Download