c17c4eddf891c3c1f2e24129e9d9dc49a027c5c7827f77e20cc8fd311be327a1

Analysis

max time kernel
27s
max time network
30s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
12/03/2023, 12:32

Target

libcocos2d.dll
Size

1.7MB
MD5

29cfb52b30b2f487e30da873a4f20abf
SHA1

385b53196dc5e2a1a009bde23551faf9ba1d380e
SHA256

c17c4eddf891c3c1f2e24129e9d9dc49a027c5c7827f77e20cc8fd311be327a1
SHA512

fd520051c48995e527fb57799f2e7f58d4a0b26eae820afe41e7e1c9dbe35b41772cd870ac92feb640ac23270ef46b789c157733c97d3bf8af04c1ad5dc09824
SSDEEP

24576:cVtR9yxzz3nJYZl4ZbtMCeGg7dP6BXt/NKl9vl6Wm8y0vrJTQYOVPKRqicw0:cVtkFX2SgMdN69vlhyOJTQYOVPecw0

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1992 wrote to memory of 2020	1992	rundll32.exe	27
PID 1992 wrote to memory of 2020	1992	rundll32.exe	27
PID 1992 wrote to memory of 2020	1992	rundll32.exe	27
PID 1992 wrote to memory of 2020	1992	rundll32.exe	27
PID 1992 wrote to memory of 2020	1992	rundll32.exe	27
PID 1992 wrote to memory of 2020	1992	rundll32.exe	27
PID 1992 wrote to memory of 2020	1992	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\libcocos2d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1992
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\libcocos2d.dll,#1
  2⤵
  PID:2020