libwireshark.dll

Sample information


Antivirus detections: 0
IDS alerts: 0
Processes: 62
Http events: 0
Contacted hosts: 0
DNS Requests: 0
Score: 7.2

Current activity of this Sample



Blacklist timeline


Malicious
94 days since the last reported activity  
No activity reported after Aug 01, 2025
Timeline axis: Fri 25, Jul 27, Tue 29, Thu 31, Aug
Sources: identity--387f59f7-521c-4e35-9a80-a669ec5e27ab, Hybrid-Analysis
Descriptions: Generic Malware, Generic Malware

Hashes
Filename:
libwireshark.dll
md5:
8992086e95e5d693cd4bbcdcc8e1f233
sha1:
543cb0a7dc6238e9b41826b40346040af03a3b3c
sha256:
9ed361e6841fc08272a639b2f5591e3eded8151f0bdd71517f9f9d19ab5eef34

In depth details
Filetype:
PE32+ executable (DLL) (GUI) x86-64, for MS Window ...
Size (Bytes):
1490152
Classification:
malicious

Dates
Indexed:
Wed Jul 23 2025 17:11:14 GMT+0000 (3 months ago)
Last modified:
Sat Aug 02 2025 16:20:45 GMT+0000 (3 months ago)

Explore our API specification anytime here:

Request:

          
# Fetch the Maltiverse report for this sample, addressed by its SHA-256.
# <API_KEY> is a placeholder for the caller's own API token.
curl --header "Authorization: Bearer <API_KEY>" \
  "https://api.maltiverse.com/sample/9ed361e6841fc08272a639b2f5591e3eded8151f0bdd71517f9f9d19ab5eef34"
        

Response:

      
{
    "blacklist": [
        {
            "count": 6,
            "description": "Generic Malware",
            "first_seen": "2025-07-23 17:30:04",
            "last_seen": "2025-07-23 18:30:08",
            "ref": [
                21745
            ],
            "source": "Hybrid-Analysis"
        },
        {
            "count": 1,
            "description": "Generic Malware",
            "external_references": [
                {
                    "description": "x_cta_member_id",
                    "external_id": "identity--387f59f7-521c-4e35-9a80-a669ec5e27ab",
                    "source_name": "cyber-threat-alliance"
                },
                {
                    "description": "x_cta_submission_id",
                    "external_id": "b944f6e4-8ab6-4def-a1dd-f72ab3dbf18a",
                    "source_name": "cyber-threat-alliance"
                }
            ],
            "first_seen": "2025-08-01 21:00:20",
            "last_seen": "2025-08-01 21:00:20",
            "ref": [
                21745
            ],
            "source": "identity--387f59f7-521c-4e35-9a80-a669ec5e27ab"
        }
    ],
    "classification": "malicious",
    "creation_time": "2025-07-23 17:11:14",
    "filename": [
        "libwireshark.dll"
    ],
    "filetype": "PE32+ executable (DLL) (GUI) x86-64, for MS Window ...",
    "is_alive": false,
    "is_cdn": false,
    "is_cnc": false,
    "is_distributing_malware": false,
    "is_hosting": false,
    "is_iot_threat": false,
    "is_known_attacker": false,
    "is_known_scanner": false,
    "is_mining_pool": false,
    "is_open_proxy": false,
    "is_phishing": false,
    "is_sinkhole": false,
    "is_storing_phishing": false,
    "is_tor_node": false,
    "is_vpn_node": false,
    "md5": "8992086e95e5d693cd4bbcdcc8e1f233",
    "modification_time": "2025-08-02 16:20:45",
    "process_list": [
        {
            "name": "<Ignored Process>",
            "uid": "00000000-00001420"
        },
        {
            "commandline": "\"C:\\libwireshark.dll\",#2",
            "name": "rundll32.exe",
            "normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
            "sha256": "98d37eff504a7adb864131ea4a042aaf4d79c4356960a8ab2fa656cc59aec014",
            "uid": "00000000-00007800"
        },
        {
            "commandline": "-u -p 7800 -s 500",
            "name": "WerFault.exe",
            "normalizedpath": "%WINDIR%\\system32\\WerFault.exe",
            "sha256": "0b7f2ca998ecf2a623e04f565354a09091e0a35c8442d7d9b6812b64b9121bc2",
            "uid": "00000000-00008692"
        },
        {
            "commandline": "-u -p 7800 -s 512",
            "name": "WerFault.exe",
            "normalizedpath": "%WINDIR%\\system32\\WerFault.exe",
            "sha256": "0b7f2ca998ecf2a623e04f565354a09091e0a35c8442d7d9b6812b64b9121bc2",
            "uid": "00000000-00003760"
        },
        {
            "commandline": "\"C:\\libwireshark.dll\",#1",
            "name": "rundll32.exe",
            "normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
            "sha256": "0b7f2ca998ecf2a623e04f565354a09091e0a35c8442d7d9b6812b64b9121bc2",
            "uid": "00000000-00003976"
        },
        {
            "commandline": "\"C:\\libwireshark.dll\",#3",
            "name": "rundll32.exe",
            "normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
            "sha256": "98d37eff504a7adb864131ea4a042aaf4d79c4356960a8ab2fa656cc59aec014",
            "uid": "00000000-00004392"
        },
        {
            "commandline": "\"C:\\libwireshark.dll\",#4",
            "name": "rundll32.exe",
            "normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
            "sha256": "98d37eff504a7adb864131ea4a042aaf4d79c4356960a8ab2fa656cc59aec014",
            "uid": "00000000-00007960"
        },
        {
            "commandline": "-u -p 7960 -s 500",
            "name": "WerFault.exe",
            "normalizedpath": "%WINDIR%\\system32\\WerFault.exe",
            "sha256": "0b7f2ca998ecf2a623e04f565354a09091e0a35c8442d7d9b6812b64b9121bc2",
            "uid": "00000000-00001524"
        },
        {
            "commandline": "-u -p 7960 -s 496",
            "name": "WerFault.exe",
            "normalizedpath": "%WINDIR%\\system32\\WerFault.exe",
            "sha256": "0b7f2ca998ecf2a623e04f565354a09091e0a35c8442d7d9b6812b64b9121bc2",
            "uid": "00000000-00005544"
        },
        {
            "commandline": "-pss -s 444 -p 7800 -ip 7800",
            "name": "WerFault.exe",
            "normalizedpath": "%WINDIR%\\system32\\WerFault.exe",
            "sha256": "0b7f2ca998ecf2a623e04f565354a09091e0a35c8442d7d9b6812b64b9121bc2",
            "uid": "00000000-00003176"
        },
        {
            "commandline": "-pss -s 556 -p 7800 -ip 7800",
            "name": "WerFault.exe",
            "normalizedpath": "%WINDIR%\\system32\\WerFault.exe",
            "sha256": "98d37eff504a7adb864131ea4a042aaf4d79c4356960a8ab2fa656cc59aec014",
            "uid": "00000000-00007108"
        },
        {
            "commandline": "\"C:\\libwireshark.dll\",#5",
            "name": "rundll32.exe",
            "normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
            "sha256": "98d37eff504a7adb864131ea4a042aaf4d79c4356960a8ab2fa656cc59aec014",
            "uid": "00000000-00004908"
        },
        {
            "commandline": "-pss -s 376 -p 7960 -ip 7960",
            "name": "WerFault.exe",
            "normalizedpath": "%WINDIR%\\system32\\WerFault.exe",
            "sha256": "0b7f2ca998ecf2a623e04f565354a09091e0a35c8442d7d9b6812b64b9121bc2",
            "uid": "00000000-00004244"
        },
        {
            "commandline": "-pss -s 564 -p 7960 -ip 7960",
            "name": "WerFault.exe",
            "normalizedpath": "%WINDIR%\\system32\\WerFault.exe",
            "sha256": "98d37eff504a7adb864131ea4a042aaf4d79c4356960a8ab2fa656cc59aec014",
            "uid": "00000000-00006424"
        },
        {
            "commandline": "\"C:\\libwireshark.dll\",#6",
            "name": "rundll32.exe",
            "normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
            "sha256": "98d37eff504a7adb864131ea4a042aaf4d79c4356960a8ab2fa656cc59aec014",
            "uid": "00000000-00005068"
        },
        {
            "commandline": "\"C:\\libwireshark.dll\",#7",
            "name": "rundll32.exe",
            "normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
            "sha256": "98d37eff504a7adb864131ea4a042aaf4d79c4356960a8ab2fa656cc59aec014",
            "uid": "00000000-00005812"
        },
        {
            "commandline": "\"C:\\libwireshark.dll\",#8",
            "name": "rundll32.exe",
            "normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
            "sha256": "98d37eff504a7adb864131ea4a042aaf4d79c4356960a8ab2fa656cc59aec014",
            "uid": "00000000-00004424"
        },
        {
            "commandline": "\"C:\\libwireshark.dll\",#9",
            "name": "rundll32.exe",
            "normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
            "sha256": "98d37eff504a7adb864131ea4a042aaf4d79c4356960a8ab2fa656cc59aec014",
            "uid": "00000000-00008652"
        },
        {
            "commandline": "\"C:\\libwireshark.dll\",#10",
            "name": "rundll32.exe",
            "normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
            "sha256": "98d37eff504a7adb864131ea4a042aaf4d79c4356960a8ab2fa656cc59aec014",
            "uid": "00000000-00004568"
        },
        {
            "commandline": "-u -p 4568 -s 500",
            "name": "WerFault.exe",
            "normalizedpath": "%WINDIR%\\system32\\WerFault.exe",
            "sha256": "0b7f2ca998ecf2a623e04f565354a09091e0a35c8442d7d9b6812b64b9121bc2",
            "uid": "00000000-00004160"
        },
        {
            "commandline": "-u -p 4568 -s 496",
            "name": "WerFault.exe",
            "normalizedpath": "%WINDIR%\\system32\\WerFault.exe",
            "sha256": "0b7f2ca998ecf2a623e04f565354a09091e0a35c8442d7d9b6812b64b9121bc2",
            "uid": "00000000-00008340"
        },
        {
            "commandline": "-pss -s 580 -p 4568 -ip 4568",
            "name": "WerFault.exe",
            "normalizedpath": "%WINDIR%\\system32\\WerFault.exe",
            "sha256": "0b7f2ca998ecf2a623e04f565354a09091e0a35c8442d7d9b6812b64b9121bc2",
            "uid": "00000000-00000984"
        },
        {
            "commandline": "-pss -s 516 -p 4568 -ip 4568",
            "name": "WerFault.exe",
            "normalizedpath": "%WINDIR%\\system32\\WerFault.exe",
            "sha256": "0b7f2ca998ecf2a623e04f565354a09091e0a35c8442d7d9b6812b64b9121bc2",
            "uid": "00000000-00007732"
        },
        {
            "commandline": "\"C:\\libwireshark.dll\",#11",
            "name": "rundll32.exe",
            "normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
            "sha256": "98d37eff504a7adb864131ea4a042aaf4d79c4356960a8ab2fa656cc59aec014",
            "uid": "00000000-00006368"
        },
        {
            "commandline": "\"C:\\libwireshark.dll\",#12",
            "name": "rundll32.exe",
            "normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
            "sha256": "98d37eff504a7adb864131ea4a042aaf4d79c4356960a8ab2fa656cc59aec014",
            "uid": "00000000-00008808"
        },
        {
            "commandline": "\"C:\\libwireshark.dll\",#13",
            "name": "rundll32.exe",
            "normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
            "sha256": "98d37eff504a7adb864131ea4a042aaf4d79c4356960a8ab2fa656cc59aec014",
            "uid": "00000000-00008440"
        },
        {
            "commandline": "\"C:\\libwireshark.dll\",#14",
            "name": "rundll32.exe",
            "normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
            "sha256": "98d37eff504a7adb864131ea4a042aaf4d79c4356960a8ab2fa656cc59aec014",
            "uid": "00000000-00003764"
        },
        {
            "commandline": "-u -p 3764 -s 492",
            "name": "WerFault.exe",
            "normalizedpath": "%WINDIR%\\system32\\WerFault.exe",
            "sha256": "0b7f2ca998ecf2a623e04f565354a09091e0a35c8442d7d9b6812b64b9121bc2",
            "uid": "00000000-00002904"
        },
        {
            "commandline": "-u -p 3764 -s 500",
            "name": "WerFault.exe",
            "normalizedpath": "%WINDIR%\\system32\\WerFault.exe",
            "sha256": "0b7f2ca998ecf2a623e04f565354a09091e0a35c8442d7d9b6812b64b9121bc2",
            "uid": "00000000-00008804"
        },
        {
            "commandline": "-pss -s 504 -p 3764 -ip 3764",
            "name": "WerFault.exe",
            "normalizedpath": "%WINDIR%\\system32\\WerFault.exe",
            "sha256": "0b7f2ca998ecf2a623e04f565354a09091e0a35c8442d7d9b6812b64b9121bc2",
            "uid": "00000000-00008972"
        },
        {
            "commandline": "-pss -s 584 -p 3764 -ip 3764",
            "name": "WerFault.exe",
            "normalizedpath": "%WINDIR%\\system32\\WerFault.exe",
            "sha256": "0b7f2ca998ecf2a623e04f565354a09091e0a35c8442d7d9b6812b64b9121bc2",
            "uid": "00000000-00001856"
        },
        {
            "commandline": "\"C:\\libwireshark.dll\",#15",
            "name": "rundll32.exe",
            "normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
            "sha256": "98d37eff504a7adb864131ea4a042aaf4d79c4356960a8ab2fa656cc59aec014",
            "uid": "00000000-00006180"
        },
        {
            "commandline": "\"C:\\libwireshark.dll\",#16",
            "name": "rundll32.exe",
            "normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
            "sha256": "98d37eff504a7adb864131ea4a042aaf4d79c4356960a8ab2fa656cc59aec014",
            "uid": "00000000-00001644"
        },
        {
            "commandline": "\"C:\\libwireshark.dll\",#17",
            "name": "rundll32.exe",
            "normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
            "sha256": "98d37eff504a7adb864131ea4a042aaf4d79c4356960a8ab2fa656cc59aec014",
            "uid": "00000000-00003664"
        },
        {
            "commandline": "\"C:\\libwireshark.dll\",#18",
            "name": "rundll32.exe",
            "normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
            "sha256": "98d37eff504a7adb864131ea4a042aaf4d79c4356960a8ab2fa656cc59aec014",
            "uid": "00000000-00009092"
        },
        {
            "commandline": "-u -p 9092 -s 500",
            "name": "WerFault.exe",
            "normalizedpath": "%WINDIR%\\system32\\WerFault.exe",
            "sha256": "0b7f2ca998ecf2a623e04f565354a09091e0a35c8442d7d9b6812b64b9121bc2",
            "uid": "00000000-00005680"
        },
        {
            "commandline": "-u -p 9092 -s 508",
            "name": "WerFault.exe",
            "normalizedpath": "%WINDIR%\\system32\\WerFault.exe",
            "sha256": "0b7f2ca998ecf2a623e04f565354a09091e0a35c8442d7d9b6812b64b9121bc2",
            "uid": "00000000-00009096"
        },
        {
            "commandline": "-pss -s 548 -p 9092 -ip 9092",
            "name": "WerFault.exe",
            "normalizedpath": "%WINDIR%\\system32\\WerFault.exe",
            "sha256": "0b7f2ca998ecf2a623e04f565354a09091e0a35c8442d7d9b6812b64b9121bc2",
            "uid": "00000000-00005996"
        },
        {
            "commandline": "-pss -s 504 -p 9092 -ip 9092",
            "name": "WerFault.exe",
            "normalizedpath": "%WINDIR%\\system32\\WerFault.exe",
            "sha256": "0b7f2ca998ecf2a623e04f565354a09091e0a35c8442d7d9b6812b64b9121bc2",
            "uid": "00000000-00000464"
        },
        {
            "commandline": "\"C:\\libwireshark.dll\",#19",
            "name": "rundll32.exe",
            "normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
            "sha256": "98d37eff504a7adb864131ea4a042aaf4d79c4356960a8ab2fa656cc59aec014",
            "uid": "00000000-00001068"
        },
        {
            "commandline": "\"C:\\libwireshark.dll\",#20",
            "name": "rundll32.exe",
            "normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
            "sha256": "98d37eff504a7adb864131ea4a042aaf4d79c4356960a8ab2fa656cc59aec014",
            "uid": "00000000-00001156"
        },
        {
            "commandline": "\"C:\\libwireshark.dll\",#21",
            "name": "rundll32.exe",
            "normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
            "sha256": "98d37eff504a7adb864131ea4a042aaf4d79c4356960a8ab2fa656cc59aec014",
            "uid": "00000000-00006872"
        },
        {
            "commandline": "\"C:\\libwireshark.dll\",#22",
            "name": "rundll32.exe",
            "normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
            "sha256": "98d37eff504a7adb864131ea4a042aaf4d79c4356960a8ab2fa656cc59aec014",
            "uid": "00000000-00007880"
        },
        {
            "commandline": "-u -p 7880 -s 500",
            "name": "WerFault.exe",
            "normalizedpath": "%WINDIR%\\system32\\WerFault.exe",
            "sha256": "0b7f2ca998ecf2a623e04f565354a09091e0a35c8442d7d9b6812b64b9121bc2",
            "uid": "00000000-00007112"
        },
        {
            "commandline": "-u -p 7880 -s 496",
            "name": "WerFault.exe",
            "normalizedpath": "%WINDIR%\\system32\\WerFault.exe",
            "sha256": "0b7f2ca998ecf2a623e04f565354a09091e0a35c8442d7d9b6812b64b9121bc2",
            "uid": "00000000-00005628"
        },
        {
            "commandline": "-pss -s 572 -p 7880 -ip 7880",
            "name": "WerFault.exe",
            "normalizedpath": "%WINDIR%\\system32\\WerFault.exe",
            "sha256": "0b7f2ca998ecf2a623e04f565354a09091e0a35c8442d7d9b6812b64b9121bc2",
            "uid": "00000000-00002008"
        },
        {
            "commandline": "-pss -s 528 -p 7880 -ip 7880",
            "name": "WerFault.exe",
            "normalizedpath": "%WINDIR%\\system32\\WerFault.exe",
            "sha256": "0b7f2ca998ecf2a623e04f565354a09091e0a35c8442d7d9b6812b64b9121bc2",
            "uid": "00000000-00004760"
        },
        {
            "commandline": "\"C:\\libwireshark.dll\",#23",
            "name": "rundll32.exe",
            "normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
            "sha256": "98d37eff504a7adb864131ea4a042aaf4d79c4356960a8ab2fa656cc59aec014",
            "uid": "00000000-00005252"
        },
        {
            "commandline": "\"C:\\libwireshark.dll\",#24",
            "name": "rundll32.exe",
            "normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
            "sha256": "98d37eff504a7adb864131ea4a042aaf4d79c4356960a8ab2fa656cc59aec014",
            "uid": "00000000-00008852"
        },
        {
            "commandline": "\"C:\\libwireshark.dll\",#25",
            "name": "rundll32.exe",
            "normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
            "sha256": "98d37eff504a7adb864131ea4a042aaf4d79c4356960a8ab2fa656cc59aec014",
            "uid": "00000000-00002728"
        },
        {
            "commandline": "\"C:\\libwireshark.dll\",#26",
            "name": "rundll32.exe",
            "normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
            "sha256": "98d37eff504a7adb864131ea4a042aaf4d79c4356960a8ab2fa656cc59aec014",
            "uid": "00000000-00001192"
        },
        {
            "commandline": "-u -p 1192 -s 456",
            "name": "WerFault.exe",
            "normalizedpath": "%WINDIR%\\system32\\WerFault.exe",
            "sha256": "0b7f2ca998ecf2a623e04f565354a09091e0a35c8442d7d9b6812b64b9121bc2",
            "uid": "00000000-00009016"
        },
        {
            "commandline": "-pss -s 572 -p 1192 -ip 1192",
            "name": "WerFault.exe",
            "normalizedpath": "%WINDIR%\\system32\\WerFault.exe",
            "sha256": "0b7f2ca998ecf2a623e04f565354a09091e0a35c8442d7d9b6812b64b9121bc2",
            "uid": "00000000-00004396"
        },
        {
            "commandline": "\"C:\\libwireshark.dll\",#28",
            "name": "rundll32.exe",
            "normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
            "sha256": "98d37eff504a7adb864131ea4a042aaf4d79c4356960a8ab2fa656cc59aec014",
            "uid": "00000000-00001072"
        },
        {
            "commandline": "\"C:\\libwireshark.dll\",#30",
            "name": "rundll32.exe",
            "normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
            "sha256": "98d37eff504a7adb864131ea4a042aaf4d79c4356960a8ab2fa656cc59aec014",
            "uid": "00000000-00002020"
        },
        {
            "commandline": "-u -p 2020 -s 508",
            "name": "WerFault.exe",
            "normalizedpath": "%WINDIR%\\system32\\WerFault.exe",
            "sha256": "0b7f2ca998ecf2a623e04f565354a09091e0a35c8442d7d9b6812b64b9121bc2",
            "uid": "00000000-00005008"
        },
        {
            "commandline": "-pss -s 444 -p 2020 -ip 2020",
            "name": "WerFault.exe",
            "normalizedpath": "%WINDIR%\\system32\\WerFault.exe",
            "sha256": "0b7f2ca998ecf2a623e04f565354a09091e0a35c8442d7d9b6812b64b9121bc2",
            "uid": "00000000-00008696"
        },
        {
            "commandline": "-pss -s 664 -p 2020 -ip 2020",
            "name": "WerFault.exe",
            "normalizedpath": "%WINDIR%\\system32\\WerFault.exe",
            "sha256": "0b7f2ca998ecf2a623e04f565354a09091e0a35c8442d7d9b6812b64b9121bc2",
            "uid": "00000000-00008864"
        },
        {
            "commandline": "\"C:\\libwireshark.dll\",#31",
            "name": "rundll32.exe",
            "normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
            "sha256": "98d37eff504a7adb864131ea4a042aaf4d79c4356960a8ab2fa656cc59aec014",
            "uid": "00000000-00003716"
        },
        {
            "commandline": "\"C:\\libwireshark.dll\",#32",
            "name": "rundll32.exe",
            "normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
            "sha256": "98d37eff504a7adb864131ea4a042aaf4d79c4356960a8ab2fa656cc59aec014",
            "uid": "00000000-00005276"
        },
        {
            "commandline": "\"C:\\libwireshark.dll\",#33",
            "name": "rundll32.exe",
            "normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
            "sha256": "98d37eff504a7adb864131ea4a042aaf4d79c4356960a8ab2fa656cc59aec014",
            "uid": "00000000-00008188"
        },
        {
            "commandline": "\"C:\\libwireshark.dll\",#34",
            "name": "rundll32.exe",
            "normalizedpath": "%WINDIR%\\System32\\rundll32.exe",
            "sha256": "98d37eff504a7adb864131ea4a042aaf4d79c4356960a8ab2fa656cc59aec014",
            "uid": "00000000-00006840"
        }
    ],
    "score": 7.2,
    "scoring_executed_time": "2025-07-23 17:30:06",
    "sha1": "543cb0a7dc6238e9b41826b40346040af03a3b3c",
    "sha256": "9ed361e6841fc08272a639b2f5591e3eded8151f0bdd71517f9f9d19ab5eef34",
    "size": 1490152,
    "type": "sample"
}
    
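Process list
Note: the sha256 on each entry differs from the sample's own sha256 and appears to be the hash recorded for the host process image (rundll32.exe or WerFault.exe). The two values are swapped on a few entries (for example uid 00000000-00003976), so they should not be used as indicators for libwireshark.dll. The rundll32.exe command lines call the DLL's exports by ordinal, and every WerFault.exe -p value matches the uid of a rundll32.exe entry, which is consistent with a sandbox enumerating exports and some of those calls crashing.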
uid
00000000-00001420
commandline
name
<Ignored Process>
normalizedpath
sha256
uid
00000000-00007800
commandline
"C:\libwireshark.dll",#2
name
rundll32.exe
normalizedpath
%WINDIR%\System32\rundll32.exe
sha256
98d37eff504a7adb864131ea4a042aaf4d79c4356960a8ab2fa656cc59aec014
uid
00000000-00008692
commandline
-u -p 7800 -s 500
name
WerFault.exe
normalizedpath
%WINDIR%\system32\WerFault.exe
sha256
0b7f2ca998ecf2a623e04f565354a09091e0a35c8442d7d9b6812b64b9121bc2
uid
00000000-00003760
commandline
-u -p 7800 -s 512
name
WerFault.exe
normalizedpath
%WINDIR%\system32\WerFault.exe
sha256
0b7f2ca998ecf2a623e04f565354a09091e0a35c8442d7d9b6812b64b9121bc2
uid
00000000-00003976
commandline
"C:\libwireshark.dll",#1
name
rundll32.exe
normalizedpath
%WINDIR%\System32\rundll32.exe
sha256
0b7f2ca998ecf2a623e04f565354a09091e0a35c8442d7d9b6812b64b9121bc2
uid
00000000-00004392
commandline
"C:\libwireshark.dll",#3
name
rundll32.exe
normalizedpath
%WINDIR%\System32\rundll32.exe
sha256
98d37eff504a7adb864131ea4a042aaf4d79c4356960a8ab2fa656cc59aec014
uid
00000000-00007960
commandline
"C:\libwireshark.dll",#4
name
rundll32.exe
normalizedpath
%WINDIR%\System32\rundll32.exe
sha256
98d37eff504a7adb864131ea4a042aaf4d79c4356960a8ab2fa656cc59aec014
uid
00000000-00001524
commandline
-u -p 7960 -s 500
name
WerFault.exe
normalizedpath
%WINDIR%\system32\WerFault.exe
sha256
0b7f2ca998ecf2a623e04f565354a09091e0a35c8442d7d9b6812b64b9121bc2
uid
00000000-00005544
commandline
-u -p 7960 -s 496
name
WerFault.exe
normalizedpath
%WINDIR%\system32\WerFault.exe
sha256
0b7f2ca998ecf2a623e04f565354a09091e0a35c8442d7d9b6812b64b9121bc2
uid
00000000-00003176
commandline
-pss -s 444 -p 7800 -ip 7800
name
WerFault.exe
normalizedpath
%WINDIR%\system32\WerFault.exe
sha256
0b7f2ca998ecf2a623e04f565354a09091e0a35c8442d7d9b6812b64b9121bc2
uid
00000000-00007108
commandline
-pss -s 556 -p 7800 -ip 7800
name
WerFault.exe
normalizedpath
%WINDIR%\system32\WerFault.exe
sha256
98d37eff504a7adb864131ea4a042aaf4d79c4356960a8ab2fa656cc59aec014
uid
00000000-00004908
commandline
"C:\libwireshark.dll",#5
name
rundll32.exe
normalizedpath
%WINDIR%\System32\rundll32.exe
sha256
98d37eff504a7adb864131ea4a042aaf4d79c4356960a8ab2fa656cc59aec014
uid
00000000-00004244
commandline
-pss -s 376 -p 7960 -ip 7960
name
WerFault.exe
normalizedpath
%WINDIR%\system32\WerFault.exe
sha256
0b7f2ca998ecf2a623e04f565354a09091e0a35c8442d7d9b6812b64b9121bc2
uid
00000000-00006424
commandline
-pss -s 564 -p 7960 -ip 7960
name
WerFault.exe
normalizedpath
%WINDIR%\system32\WerFault.exe
sha256
98d37eff504a7adb864131ea4a042aaf4d79c4356960a8ab2fa656cc59aec014
uid
00000000-00005068
commandline
"C:\libwireshark.dll",#6
name
rundll32.exe
normalizedpath
%WINDIR%\System32\rundll32.exe
sha256
98d37eff504a7adb864131ea4a042aaf4d79c4356960a8ab2fa656cc59aec014
uid
00000000-00005812
commandline
"C:\libwireshark.dll",#7
name
rundll32.exe
normalizedpath
%WINDIR%\System32\rundll32.exe
sha256
98d37eff504a7adb864131ea4a042aaf4d79c4356960a8ab2fa656cc59aec014
uid
00000000-00004424
commandline
"C:\libwireshark.dll",#8
name
rundll32.exe
normalizedpath
%WINDIR%\System32\rundll32.exe
sha256
98d37eff504a7adb864131ea4a042aaf4d79c4356960a8ab2fa656cc59aec014
uid
00000000-00008652
commandline
"C:\libwireshark.dll",#9
name
rundll32.exe
normalizedpath
%WINDIR%\System32\rundll32.exe
sha256
98d37eff504a7adb864131ea4a042aaf4d79c4356960a8ab2fa656cc59aec014
uid
00000000-00004568
commandline
"C:\libwireshark.dll",#10
name
rundll32.exe
normalizedpath
%WINDIR%\System32\rundll32.exe
sha256
98d37eff504a7adb864131ea4a042aaf4d79c4356960a8ab2fa656cc59aec014
uid
00000000-00004160
commandline
-u -p 4568 -s 500
name
WerFault.exe
normalizedpath
%WINDIR%\system32\WerFault.exe
sha256
0b7f2ca998ecf2a623e04f565354a09091e0a35c8442d7d9b6812b64b9121bc2
uid
00000000-00008340
commandline
-u -p 4568 -s 496
name
WerFault.exe
normalizedpath
%WINDIR%\system32\WerFault.exe
sha256
0b7f2ca998ecf2a623e04f565354a09091e0a35c8442d7d9b6812b64b9121bc2
uid
00000000-00000984
commandline
-pss -s 580 -p 4568 -ip 4568
name
WerFault.exe
normalizedpath
%WINDIR%\system32\WerFault.exe
sha256
0b7f2ca998ecf2a623e04f565354a09091e0a35c8442d7d9b6812b64b9121bc2
uid
00000000-00007732
commandline
-pss -s 516 -p 4568 -ip 4568
name
WerFault.exe
normalizedpath
%WINDIR%\system32\WerFault.exe
sha256
0b7f2ca998ecf2a623e04f565354a09091e0a35c8442d7d9b6812b64b9121bc2
uid
00000000-00006368
commandline
"C:\libwireshark.dll",#11
name
rundll32.exe
normalizedpath
%WINDIR%\System32\rundll32.exe
sha256
98d37eff504a7adb864131ea4a042aaf4d79c4356960a8ab2fa656cc59aec014
uid
00000000-00008808
commandline
"C:\libwireshark.dll",#12
name
rundll32.exe
normalizedpath
%WINDIR%\System32\rundll32.exe
sha256
98d37eff504a7adb864131ea4a042aaf4d79c4356960a8ab2fa656cc59aec014
uid
00000000-00008440
commandline
"C:\libwireshark.dll",#13
name
rundll32.exe
normalizedpath
%WINDIR%\System32\rundll32.exe
sha256
98d37eff504a7adb864131ea4a042aaf4d79c4356960a8ab2fa656cc59aec014
uid
00000000-00003764
commandline
"C:\libwireshark.dll",#14
name
rundll32.exe
normalizedpath
%WINDIR%\System32\rundll32.exe
sha256
98d37eff504a7adb864131ea4a042aaf4d79c4356960a8ab2fa656cc59aec014
uid
00000000-00002904
commandline
-u -p 3764 -s 492
name
WerFault.exe
normalizedpath
%WINDIR%\system32\WerFault.exe
sha256
0b7f2ca998ecf2a623e04f565354a09091e0a35c8442d7d9b6812b64b9121bc2
uid
00000000-00008804
commandline
-u -p 3764 -s 500
name
WerFault.exe
normalizedpath
%WINDIR%\system32\WerFault.exe
sha256
0b7f2ca998ecf2a623e04f565354a09091e0a35c8442d7d9b6812b64b9121bc2
uid
00000000-00008972
commandline
-pss -s 504 -p 3764 -ip 3764
name
WerFault.exe
normalizedpath
%WINDIR%\system32\WerFault.exe
sha256
0b7f2ca998ecf2a623e04f565354a09091e0a35c8442d7d9b6812b64b9121bc2
uid
00000000-00001856
commandline
-pss -s 584 -p 3764 -ip 3764
name
WerFault.exe
normalizedpath
%WINDIR%\system32\WerFault.exe
sha256
0b7f2ca998ecf2a623e04f565354a09091e0a35c8442d7d9b6812b64b9121bc2
uid
00000000-00006180
commandline
"C:\libwireshark.dll",#15
name
rundll32.exe
normalizedpath
%WINDIR%\System32\rundll32.exe
sha256
98d37eff504a7adb864131ea4a042aaf4d79c4356960a8ab2fa656cc59aec014
uid
00000000-00001644
commandline
"C:\libwireshark.dll",#16
name
rundll32.exe
normalizedpath
%WINDIR%\System32\rundll32.exe
sha256
98d37eff504a7adb864131ea4a042aaf4d79c4356960a8ab2fa656cc59aec014
uid
00000000-00003664
commandline
"C:\libwireshark.dll",#17
name
rundll32.exe
normalizedpath
%WINDIR%\System32\rundll32.exe
sha256
98d37eff504a7adb864131ea4a042aaf4d79c4356960a8ab2fa656cc59aec014
uid
00000000-00009092
commandline
"C:\libwireshark.dll",#18
name
rundll32.exe
normalizedpath
%WINDIR%\System32\rundll32.exe
sha256
98d37eff504a7adb864131ea4a042aaf4d79c4356960a8ab2fa656cc59aec014
uid
00000000-00005680
commandline
-u -p 9092 -s 500
name
WerFault.exe
normalizedpath
%WINDIR%\system32\WerFault.exe
sha256
0b7f2ca998ecf2a623e04f565354a09091e0a35c8442d7d9b6812b64b9121bc2
uid
00000000-00009096
commandline
-u -p 9092 -s 508
name
WerFault.exe
normalizedpath
%WINDIR%\system32\WerFault.exe
sha256
0b7f2ca998ecf2a623e04f565354a09091e0a35c8442d7d9b6812b64b9121bc2
uid
00000000-00005996
commandline
-pss -s 548 -p 9092 -ip 9092
name
WerFault.exe
normalizedpath
%WINDIR%\system32\WerFault.exe
sha256
0b7f2ca998ecf2a623e04f565354a09091e0a35c8442d7d9b6812b64b9121bc2
uid
00000000-00000464
commandline
-pss -s 504 -p 9092 -ip 9092
name
WerFault.exe
normalizedpath
%WINDIR%\system32\WerFault.exe
sha256
0b7f2ca998ecf2a623e04f565354a09091e0a35c8442d7d9b6812b64b9121bc2
uid
00000000-00001068
commandline
"C:\libwireshark.dll",#19
name
rundll32.exe
normalizedpath
%WINDIR%\System32\rundll32.exe
sha256
98d37eff504a7adb864131ea4a042aaf4d79c4356960a8ab2fa656cc59aec014
uid
00000000-00001156
commandline
"C:\libwireshark.dll",#20
name
rundll32.exe
normalizedpath
%WINDIR%\System32\rundll32.exe
sha256
98d37eff504a7adb864131ea4a042aaf4d79c4356960a8ab2fa656cc59aec014
uid
00000000-00006872
commandline
"C:\libwireshark.dll",#21
name
rundll32.exe
normalizedpath
%WINDIR%\System32\rundll32.exe
sha256
98d37eff504a7adb864131ea4a042aaf4d79c4356960a8ab2fa656cc59aec014
uid
00000000-00007880
commandline
"C:\libwireshark.dll",#22
name
rundll32.exe
normalizedpath
%WINDIR%\System32\rundll32.exe
sha256
98d37eff504a7adb864131ea4a042aaf4d79c4356960a8ab2fa656cc59aec014
uid
00000000-00007112
commandline
-u -p 7880 -s 500
name
WerFault.exe
normalizedpath
%WINDIR%\system32\WerFault.exe
sha256
0b7f2ca998ecf2a623e04f565354a09091e0a35c8442d7d9b6812b64b9121bc2
uid
00000000-00005628
commandline
-u -p 7880 -s 496
name
WerFault.exe
normalizedpath
%WINDIR%\system32\WerFault.exe
sha256
0b7f2ca998ecf2a623e04f565354a09091e0a35c8442d7d9b6812b64b9121bc2
uid
00000000-00002008
commandline
-pss -s 572 -p 7880 -ip 7880
name
WerFault.exe
normalizedpath
%WINDIR%\system32\WerFault.exe
sha256
0b7f2ca998ecf2a623e04f565354a09091e0a35c8442d7d9b6812b64b9121bc2
uid
00000000-00004760
commandline
-pss -s 528 -p 7880 -ip 7880
name
WerFault.exe
normalizedpath
%WINDIR%\system32\WerFault.exe
sha256
0b7f2ca998ecf2a623e04f565354a09091e0a35c8442d7d9b6812b64b9121bc2
uid
00000000-00005252
commandline
"C:\libwireshark.dll",#23
name
rundll32.exe
normalizedpath
%WINDIR%\System32\rundll32.exe
sha256
98d37eff504a7adb864131ea4a042aaf4d79c4356960a8ab2fa656cc59aec014
uid
00000000-00008852
commandline
"C:\libwireshark.dll",#24
name
rundll32.exe
normalizedpath
%WINDIR%\System32\rundll32.exe
sha256
98d37eff504a7adb864131ea4a042aaf4d79c4356960a8ab2fa656cc59aec014
uid
00000000-00002728
commandline
"C:\libwireshark.dll",#25
name
rundll32.exe
normalizedpath
%WINDIR%\System32\rundll32.exe
sha256
98d37eff504a7adb864131ea4a042aaf4d79c4356960a8ab2fa656cc59aec014
uid
00000000-00001192
commandline
"C:\libwireshark.dll",#26
name
rundll32.exe
normalizedpath
%WINDIR%\System32\rundll32.exe
sha256
98d37eff504a7adb864131ea4a042aaf4d79c4356960a8ab2fa656cc59aec014
uid
00000000-00009016
commandline
-u -p 1192 -s 456
name
WerFault.exe
normalizedpath
%WINDIR%\system32\WerFault.exe
sha256
0b7f2ca998ecf2a623e04f565354a09091e0a35c8442d7d9b6812b64b9121bc2
uid
00000000-00004396
commandline
-pss -s 572 -p 1192 -ip 1192
name
WerFault.exe
normalizedpath
%WINDIR%\system32\WerFault.exe
sha256
0b7f2ca998ecf2a623e04f565354a09091e0a35c8442d7d9b6812b64b9121bc2
uid
00000000-00001072
commandline
"C:\libwireshark.dll",#28
name
rundll32.exe
normalizedpath
%WINDIR%\System32\rundll32.exe
sha256
98d37eff504a7adb864131ea4a042aaf4d79c4356960a8ab2fa656cc59aec014
uid
00000000-00002020
commandline
"C:\libwireshark.dll",#30
name
rundll32.exe
normalizedpath
%WINDIR%\System32\rundll32.exe
sha256
98d37eff504a7adb864131ea4a042aaf4d79c4356960a8ab2fa656cc59aec014
uid
00000000-00005008
commandline
-u -p 2020 -s 508
name
WerFault.exe
normalizedpath
%WINDIR%\system32\WerFault.exe
sha256
0b7f2ca998ecf2a623e04f565354a09091e0a35c8442d7d9b6812b64b9121bc2
uid
00000000-00008696
commandline
-pss -s 444 -p 2020 -ip 2020
name
WerFault.exe
normalizedpath
%WINDIR%\system32\WerFault.exe
sha256
0b7f2ca998ecf2a623e04f565354a09091e0a35c8442d7d9b6812b64b9121bc2
uid
00000000-00008864
commandline
-pss -s 664 -p 2020 -ip 2020
name
WerFault.exe
normalizedpath
%WINDIR%\system32\WerFault.exe
sha256
0b7f2ca998ecf2a623e04f565354a09091e0a35c8442d7d9b6812b64b9121bc2
uid
00000000-00003716
commandline
"C:\libwireshark.dll",#31
name
rundll32.exe
normalizedpath
%WINDIR%\System32\rundll32.exe
sha256
98d37eff504a7adb864131ea4a042aaf4d79c4356960a8ab2fa656cc59aec014
uid
00000000-00005276
commandline
"C:\libwireshark.dll",#32
name
rundll32.exe
normalizedpath
%WINDIR%\System32\rundll32.exe
sha256
98d37eff504a7adb864131ea4a042aaf4d79c4356960a8ab2fa656cc59aec014
uid
00000000-00008188
commandline
"C:\libwireshark.dll",#33
name
rundll32.exe
normalizedpath
%WINDIR%\System32\rundll32.exe
sha256
98d37eff504a7adb864131ea4a042aaf4d79c4356960a8ab2fa656cc59aec014
uid
00000000-00006840
commandline
"C:\libwireshark.dll",#34
name
rundll32.exe
normalizedpath
%WINDIR%\System32\rundll32.exe
sha256
98d37eff504a7adb864131ea4a042aaf4d79c4356960a8ab2fa656cc59aec014