f95123ac6d4fd94c6fbd7170251787500e47bf46310e56d1e6e02db6b6043af0

Analysis

max time kernel
9s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
24-11-2022 11:52

Target

SA福利中配ENB/福利ENB/d3d9.dll
Size

142KB
MD5

7b7e897b2facdf885d935152adb8c34e
SHA1

8ff4e0282d2203362c2225709e32a1a832b11a1a
SHA256

f6adb66a8d00bfb97f18f88c6bacd0e444f7bf29ae6b9568e9bcab5cf2cd6800
SHA512

ac82776cca1378f4d259af010021fe9137b074555f73012730eef305e2794eb6c95b2b7cffbc18a223633cb8ae414ca979b619b6c587f0e0b5e59224cdfbf5f6
SSDEEP

3072:MC+OSOJVIJ88Jjpxo99Z4KPAmnDP5qSU5BhVIQfjzJTjahs5VC5d:4p4VTqlx29Z4KPAMDP5tU3hj5W

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 968 wrote to memory of 952	968	rundll32.exe	28
PID 968 wrote to memory of 952	968	rundll32.exe	28
PID 968 wrote to memory of 952	968	rundll32.exe	28
PID 968 wrote to memory of 952	968	rundll32.exe	28
PID 968 wrote to memory of 952	968	rundll32.exe	28
PID 968 wrote to memory of 952	968	rundll32.exe	28
PID 968 wrote to memory of 952	968	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\SA福利中配ENB\福利ENB\d3d9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:968
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\SA福利中配ENB\福利ENB\d3d9.dll,#1
  2⤵
  PID:952

memory/952-54-0x0000000000000000-mapping.dmp

Download
memory/952-55-0x0000000075F21000-0x0000000075F23000-memory.dmp

Filesize
8KB

Download
memory/952-56-0x0000000010000000-0x0000000010052000-memory.dmp

Filesize
328KB

Download
memory/952-57-0x0000000010000000-0x0000000010052000-memory.dmp

Filesize
328KB

Download