cdc6ac3c1c5e5d54fbfdbb825b7ea5f0a6b0886fc0cee7ff3cc51cef8d064b28

Analysis

max time kernel
43s
max time network
54s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
04-02-2023 22:47

Target

steam_api.dll
Size

1.3MB
MD5

e869484d80d8d08b1a31639127c3d344
SHA1

29208a8734f6c713d2ea7c343ff159d35358e356
SHA256

cdc6ac3c1c5e5d54fbfdbb825b7ea5f0a6b0886fc0cee7ff3cc51cef8d064b28
SHA512

79e01f60c18c24d2fb366952b28463a48ec0955220e65f99c30870a2c4fd12a95619f4de665a055cedfe5623c8d083f71ec8861e6b6d2570424a9f088bf45891
SSDEEP

24576:bKpb+Lpmbz9gAXilDGgP9GX0dc4hxU4BVoXoo1DJXLFT4mknD1pVOGXSCbAle:K+AzYDGsC0/9cDXT4t1iCcle

Score

5^/10

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
1652	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 752 wrote to memory of 1652	752	rundll32.exe	27
PID 752 wrote to memory of 1652	752	rundll32.exe	27
PID 752 wrote to memory of 1652	752	rundll32.exe	27
PID 752 wrote to memory of 1652	752	rundll32.exe	27
PID 752 wrote to memory of 1652	752	rundll32.exe	27
PID 752 wrote to memory of 1652	752	rundll32.exe	27
PID 752 wrote to memory of 1652	752	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\steam_api.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:752
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\steam_api.dll,#1
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:1652

memory/1652-55-0x0000000075D01000-0x0000000075D03000-memory.dmp

Filesize
8KB

Download
memory/1652-56-0x0000000074EA0000-0x0000000074FF7000-memory.dmp

Filesize
1.3MB

Download
memory/1652-57-0x0000000074EA0000-0x0000000074FF7000-memory.dmp

Filesize
1.3MB

Download