159bd973bae27b814a3e532b2ffe7d3960b96c1f739a2967c7ce8f77c6954521

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
26-12-2024 13:50

Target

plugu v1 fixed.dll
Size

8.5MB
MD5

99492d91112af8d998d0861aab3acabb
SHA1

ea514ae666eebf3dd02337cd55531c36407bbf18
SHA256

f2ecabc649b7db40d38a85bbdb8e4491adb613d242bbda3be3677975820d7268
SHA512

fb2a530a0cb47ca7cd814ed7b9887f4232458b918ef99a27238b54ad1ba91ea8f37fcb4c2318bf769aa5f5d22b796f6993bd6203c187969222b1d03a4282a296
SSDEEP

49152:I03qQXG9X3tDkajE3OtgaNBsp5xYeRY+yvBbixY+6hOEuJgh/6RgjbwimjnE47/H:Qb98pshUih/nbwcgKRlRT7qFx15jXzH

Score

1^/10

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2404	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2404 wrote to memory of 3040	2404	rundll32.exe	31
PID 2404 wrote to memory of 3040	2404	rundll32.exe	31
PID 2404 wrote to memory of 3040	2404	rundll32.exe	31

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\plugu v1 fixed.dll",#1
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2404
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2404 -s 224
  2⤵
  PID:3040

memory/2404-1-0x00000290082C0000-0x0000029008B21000-memory.dmp

Filesize
8.4MB

Download
memory/2404-5-0x00000290082C0000-0x0000029008B21000-memory.dmp

Filesize
8.4MB

Download
memory/2404-3-0x00000290082C0000-0x0000029008B21000-memory.dmp

Filesize
8.4MB

Download
memory/2404-0-0x00000290082C0000-0x0000029008B21000-memory.dmp

Filesize
8.4MB

Download