22f1ce512a85a441935776954045c45b401f6ff60a8f90304692a294c26be2c1

Analysis

max time kernel
12s
max time network
19s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
12/07/2024, 23:59

Target

$PLUGINSDIR/InstallOptions.dll
Size

33KB
MD5

c6e1bd79c42fae30f95db66d168ca034
SHA1

7cdd4a01b55b5e99b3f007e67c0f403e996af456
SHA256

4f13328bf6a006897b0ea5481a27fc96bc1edcf7eeb9816023f583471af2d5bb
SHA512

3b3214907be4c54362d615cdbe1dd7993fe825c8ae8cca76c8e27549bb3155a9c4970c2cf2711a97bf280f1958cf1aa41864226e2a68d32e6343c3704a9856f1
SSDEEP

384:pbme/+uycTFC1zedCa2pbzDgp4CZkGTTh26rK+KtbQyhPE:piuycT01zedCa6bwp4nLZ

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1760	1728	WerFault.exe	29

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2564 wrote to memory of 1728	2564	rundll32.exe	29
PID 2564 wrote to memory of 1728	2564	rundll32.exe	29
PID 2564 wrote to memory of 1728	2564	rundll32.exe	29
PID 2564 wrote to memory of 1728	2564	rundll32.exe	29
PID 2564 wrote to memory of 1728	2564	rundll32.exe	29
PID 2564 wrote to memory of 1728	2564	rundll32.exe	29
PID 2564 wrote to memory of 1728	2564	rundll32.exe	29
PID 1728 wrote to memory of 1760	1728	rundll32.exe	30
PID 1728 wrote to memory of 1760	1728	rundll32.exe	30
PID 1728 wrote to memory of 1760	1728	rundll32.exe	30
PID 1728 wrote to memory of 1760	1728	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\InstallOptions.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2564
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\InstallOptions.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1728
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 248
    3⤵
    - Program crash
    PID:1760