0fa6530caf41e3825fb450cbac451c09f0e34c52190f0cf3439e3ebdedf1c0a3

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19/07/2024, 12:29

Target

EOSSDK-Win32-Shipping.dll
Size

13.2MB
MD5

18f563aff9f6d0d4d17bf4f1d476c831
SHA1

116ebe693045b6ad3efeedce5128052324a92935
SHA256

0fa6530caf41e3825fb450cbac451c09f0e34c52190f0cf3439e3ebdedf1c0a3
SHA512

5d35f6957617d118975e7ecbf48f7e5d0585cf0118db44d43b7822256b5eec2e8561e60f4594670cfd0bbf433b3b80ff7fdc7658d18a00d9e963239857a480a9
SSDEEP

196608:D9ZAs64vitDLavArRnGN+Umy3eIm9YvpgVLkecy38GvavJOohD:D9ZAs6QUD+vArRnGEcpAkeD8NvzhD

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
324	1456	WerFault.exe	86

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2116 wrote to memory of 1456	2116	rundll32.exe	86
PID 2116 wrote to memory of 1456	2116	rundll32.exe	86
PID 2116 wrote to memory of 1456	2116	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\EOSSDK-Win32-Shipping.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2116
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\EOSSDK-Win32-Shipping.dll,#1
  2⤵
  PID:1456
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1456 -s 724
    3⤵
    - Program crash
    PID:324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 1456 -ip 1456
1⤵
PID:2388