d8f6d619ef040ef4ffa6ae00201e3b04e13763a67c2e46df9a348faf18de334c

Analysis

max time kernel
48s
max time network
52s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
26/11/2022, 21:44

Target

Amazon Gift Card Generator v2.4/Mainres.dll
Size

739KB
MD5

fece08e98e0e9e2a9e101f7159e997d3
SHA1

3d97c03ce5976e1d8615154dde8655218e0e123a
SHA256

5a9febc0c830e36de4cffa21f4c1f17049789a5ee33dc58193a12d787f9b8482
SHA512

ce4c2492a297a4a024c95cb4f852c88931ffbd02edeb3c0e6cb19456024a33021f56ebf00e49b3ff0ec3055959fdacdafcb7a6f81c09357b0d327880cb0cc1b9
SSDEEP

12288:IKD9RfmunZWcFR2SJi26pUNmlWGhI2BxpKyrd+8U7eHNtC5BLj6/5Ev3v79bJ9tc:IKDD+kLVlAjC2BxpKyx+l7LBLj6/q3vk

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1544 wrote to memory of 1584	1544	rundll32.exe	26
PID 1544 wrote to memory of 1584	1544	rundll32.exe	26
PID 1544 wrote to memory of 1584	1544	rundll32.exe	26
PID 1544 wrote to memory of 1584	1544	rundll32.exe	26
PID 1544 wrote to memory of 1584	1544	rundll32.exe	26
PID 1544 wrote to memory of 1584	1544	rundll32.exe	26
PID 1544 wrote to memory of 1584	1544	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Amazon Gift Card Generator v2.4\Mainres.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1544
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Amazon Gift Card Generator v2.4\Mainres.dll",#1
  2⤵
  PID:1584

memory/1584-55-0x0000000075681000-0x0000000075683000-memory.dmp

Filesize
8KB

Download