3c90b3d32f3fe37632edfad2b768cf77d70e7de0d3291d0e5274ea8a7dc69141

Analysis

max time kernel
39s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/02/2023, 19:44 UTC

Target

Slither x32y 64/node.dll
Size

3.0MB
MD5

d3a05d58135ff127809aef74ba5f450d
SHA1

af13b12297df1f677113fa4dc5484bcc03cd544c
SHA256

667ca7ba7937159e384902d0beb91e6de0c6d422cd5bf30c0a376af8c31c804b
SHA512

10536abd9aaacb3189e7288782d25f28b49d5ae8a42a5795780fef3c50bba6e093647a18def0eefdb8f7527f0c97dd80392b9d4b2865db652761e8eeba96fcb8
SSDEEP

49152:TQ5eHjb4RG33EVvcT/ETwF49sKneit6QsxsKBGgyqUyLbMDd4qaP1TXtcZ:TfnEUF49sKnea6S

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 744 wrote to memory of 1644	744	rundll32.exe	28
PID 744 wrote to memory of 1644	744	rundll32.exe	28
PID 744 wrote to memory of 1644	744	rundll32.exe	28
PID 744 wrote to memory of 1644	744	rundll32.exe	28
PID 744 wrote to memory of 1644	744	rundll32.exe	28
PID 744 wrote to memory of 1644	744	rundll32.exe	28
PID 744 wrote to memory of 1644	744	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Slither x32y 64\node.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:744
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Slither x32y 64\node.dll",#1
  2⤵
  PID:1644

memory/1644-55-0x0000000075FB1000-0x0000000075FB3000-memory.dmp

Filesize
8KB

Download