f0b7b076fe93621614a808722736db505649dfba8d2adc953e98f091c1f99c00

Analysis

max time kernel
38s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06/11/2022, 05:02

Target

Locale Emulator 讓簡體中文軟體可以正常顯示 v2.1.0.0/LocaleEmulator.dll
Size

58KB
MD5

e64452d46f00c3db5c9df2276b42756f
SHA1

c249fac1cab3e7b4af6d44ef27299c9511cb4097
SHA256

c3ebdccabf0d7b8cfbdb1a7cd01b5ab406859053830a93a6fbd3cca6ef83956c
SHA512

889f0fc27605dc1af98d293c696f67ca17c09f2d8d0db351b06f3d13cce932104748d61370638126422fe714a3a6caec436c9040f90603655463498f6eb35da6
SSDEEP

1536:X22xFUxLtr8SR087suzVuCmkR1xAN0ogZuwz5/uo6N:X22xFUxVL7sqmkR1w0ru2B6

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 900 wrote to memory of 1416	900	rundll32.exe	27
PID 900 wrote to memory of 1416	900	rundll32.exe	27
PID 900 wrote to memory of 1416	900	rundll32.exe	27
PID 900 wrote to memory of 1416	900	rundll32.exe	27
PID 900 wrote to memory of 1416	900	rundll32.exe	27
PID 900 wrote to memory of 1416	900	rundll32.exe	27
PID 900 wrote to memory of 1416	900	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Locale Emulator 讓簡體中文軟體可以正常顯示 v2.1.0.0\LocaleEmulator.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:900
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Locale Emulator 讓簡體中文軟體可以正常顯示 v2.1.0.0\LocaleEmulator.dll",#1
  2⤵
  PID:1416

memory/1416-55-0x00000000762D1000-0x00000000762D3000-memory.dmp

Filesize
8KB

Download
memory/1416-56-0x0000000074C50000-0x0000000074C61000-memory.dmp

Filesize
68KB

Download
memory/1416-57-0x0000000074C30000-0x0000000074C41000-memory.dmp

Filesize
68KB

Download