6dbd578bacfac6bee49b778b85cd62926c65a7f23bb33ceec705686474308898

Analysis

max time kernel
15s
max time network
21s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
13-07-2024 22:36

Target

$PLUGINSDIR/gnokeofcx.dll
Size

17KB
MD5

1d6dbd89d81d6216f259c9f35c40c42c
SHA1

b0b25bbb32c2c8b06e8a2a12706ca25e85bfb850
SHA256

781e084ab8b4ee8388ff2cbc44c502f0d1aa164556c80931ca12a9e8d525f500
SHA512

aa94d3ac2e64901141fc3102263f547e245546ba44db4215848063206d9fbb7af6e4dde075fd8ac16a06e0c8ab94f56922b2dc76b4fe301ba436f106e0cbe856
SSDEEP

192:/w8mw6RAHEkXkbrbrzXGUk9e95P7ZnOddr6g29SayucE3ROCRh1TIyWW9ShyYQlq:/ZmwskUvqUdOddr12TLRU5ydeok

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3044	924	WerFault.exe	30

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 624 wrote to memory of 924	624	rundll32.exe	30
PID 624 wrote to memory of 924	624	rundll32.exe	30
PID 624 wrote to memory of 924	624	rundll32.exe	30
PID 624 wrote to memory of 924	624	rundll32.exe	30
PID 624 wrote to memory of 924	624	rundll32.exe	30
PID 624 wrote to memory of 924	624	rundll32.exe	30
PID 624 wrote to memory of 924	624	rundll32.exe	30
PID 924 wrote to memory of 3044	924	rundll32.exe	31
PID 924 wrote to memory of 3044	924	rundll32.exe	31
PID 924 wrote to memory of 3044	924	rundll32.exe	31
PID 924 wrote to memory of 3044	924	rundll32.exe	31

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\gnokeofcx.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:624
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\gnokeofcx.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:924
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 924 -s 252
    3⤵
    - Program crash
    PID:3044