849e4a817090f6336a574b9171e354186e8fa21635dc0a73212db575aa6e27f0

Analysis

max time kernel
24s
max time network
49s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
27/11/2022, 03:56

Target

LOL老干妈V2.9【无限视距版】/winmm.dll
Size

81KB
MD5

3178eb2d5e2a9964288b3890612817b7
SHA1

883ae666affc760d96266a06bb5bafd38a721c5c
SHA256

3cb2d3da39c60685c35fe72c89f0a307c7e143aca2b4d52ad1ecdf721931d512
SHA512

598714e5bcbe71521fa11c7b0acd64515c86d31784b984d96a247ecd4ca783387accae1125563cfed4905c4bb75e7f2be760a6eacd21f289b432707cfbea5cc5
SSDEEP

1536:WvwjOiobtD2Z0Afoy9BMCPgia50vZ4usu800/DPP6+4GXbdWRtWdTX:W67DoyR4O4usuah4KbdW7Wdj

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1756 wrote to memory of 976	1756	rundll32.exe	28
PID 1756 wrote to memory of 976	1756	rundll32.exe	28
PID 1756 wrote to memory of 976	1756	rundll32.exe	28
PID 1756 wrote to memory of 976	1756	rundll32.exe	28
PID 1756 wrote to memory of 976	1756	rundll32.exe	28
PID 1756 wrote to memory of 976	1756	rundll32.exe	28
PID 1756 wrote to memory of 976	1756	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\LOL老干妈V2.9【无限视距版】\winmm.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1756
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\LOL老干妈V2.9【无限视距版】\winmm.dll,#1
  2⤵
  PID:976

memory/976-55-0x00000000756B1000-0x00000000756B3000-memory.dmp

Filesize
8KB

Download