1dc82ec6bd8c9f9f0ec068eb72665f6cdaf21c08b9c3b07cd56c9e6ddad626fc

Analysis

max time kernel
148s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
13/07/2024, 11:46

Target

Чтец потоков.dll
Size

195KB
MD5

14dbc8c17bc3a9497855f6225d087cc1
SHA1

a0e10b13b362d0a31788a14c029e51a2f601bdc9
SHA256

fc3ecc2bf1357781fb2b1612eed00e1c0f0c831bed968c752a0982a25e6c3fb6
SHA512

169d6b0471d6520df32fb8bbc0f6ac3f42bf21031f4938bb819efd411631fbe6d01d102548385d1e2f75ff273ffb46a315bba95bab9ef973fd05ce520be8e3f6
SSDEEP

3072:3m7enyP2+ZMuYijhHeCv+CH5xjXl+CHMVw5DHuxBtAfniTY2EEPmJkLNhHZEXC:3RnyPliuJHXhH5hXEC4wdAB+iKsZI

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4116	460	WerFault.exe	85

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1872 wrote to memory of 460	1872	rundll32.exe	85
PID 1872 wrote to memory of 460	1872	rundll32.exe	85
PID 1872 wrote to memory of 460	1872	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Чтец потоков.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1872
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Чтец потоков.dll",#1
  2⤵
  PID:460
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 460 -s 648
    3⤵
    - Program crash
    PID:4116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 460 -ip 460
1⤵
PID:4864

memory/460-0-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download