09238e013da42b83602ad3eabd759f980292e6208d0d67f95051e2b29893f9b6

Analysis

max time kernel
28s
max time network
50s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
25-11-2022 05:13

Target

SWZ-2.03/【520传奇】守望者加速2.03/GWH_d3d9.dll
Size

125KB
MD5

dbc0315bce54b4f4a6dd0b2527be1e92
SHA1

3747fbc12557ae456e0a5ab1367d368766befc5c
SHA256

c7b80c2adfcf778923fb8c91e749162f0bd948ea48c291130b2e9576181dd3f0
SHA512

4ba29478fa9dbb3802a3e5fe7a4517960bc586923ccf8a1bbac0308a92117c61f4ee9bea6d39fa3690a77d209217dee5967eafe0a8da8061a3ab229f2d9c3762
SSDEEP

1536:yfTuFJmuEHFRAg0JaQTvlw4LZM/T68ANKCRnC3g/Y6Z/+54arPiHu3y:yfTuFJmlc3iJCRCQ/PQ54aD

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 748 wrote to memory of 1160	748	rundll32.exe	rundll32.exe
PID 748 wrote to memory of 1160	748	rundll32.exe	rundll32.exe
PID 748 wrote to memory of 1160	748	rundll32.exe	rundll32.exe
PID 748 wrote to memory of 1160	748	rundll32.exe	rundll32.exe
PID 748 wrote to memory of 1160	748	rundll32.exe	rundll32.exe
PID 748 wrote to memory of 1160	748	rundll32.exe	rundll32.exe
PID 748 wrote to memory of 1160	748	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\SWZ-2.03\【520传奇】守望者加速2.03\GWH_d3d9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:748

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\SWZ-2.03\【520传奇】守望者加速2.03\GWH_d3d9.dll,#1
2⤵
PID:1160

memory/1160-54-0x0000000000000000-mapping.dmp

Download
memory/1160-55-0x0000000075B11000-0x0000000075B13000-memory.dmp

Filesize
8KB

Download