8c5977a93001297bb5c08cc6493d4b0c0c25bb7f394378d6bde8e508a3d85bc4

Resubmissions

21-03-2023 19:47

21-03-2023 17:44

max time kernel
877s
max time network
885s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
21-03-2023 19:47

Target

OneLaunch\5.3.5\chromium\libEGL.dll
Size

341KB
MD5

bb2e93ed2c056621e398c14257c591d3
SHA1

e95a66efafe77ecda54630ada61f67a5b2b3ca00
SHA256

0457c0bb08636be60aa9b63208ddf65b4f52061e18eab34e244913390ce02a32
SHA512

8ad3a389248c2cfea75ca1ace46ae54092182c41dae11d66c3508b6b79270001b6c05427b5c29f6ac0f9a91f3d72fe98d7e539df4ecb2aee76a9764a7d572bc0
SSDEEP

6144:pEIUkl/bULdPZPJYaUaskRVamPkOrLoxWXDL7T4BBf2I5t:pvUklTUBzUaFMOrLoxULkZ2at

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2004 wrote to memory of 1732	2004	rundll32.exe	rundll32.exe
PID 2004 wrote to memory of 1732	2004	rundll32.exe	rundll32.exe
PID 2004 wrote to memory of 1732	2004	rundll32.exe	rundll32.exe
PID 2004 wrote to memory of 1732	2004	rundll32.exe	rundll32.exe
PID 2004 wrote to memory of 1732	2004	rundll32.exe	rundll32.exe
PID 2004 wrote to memory of 1732	2004	rundll32.exe	rundll32.exe
PID 2004 wrote to memory of 1732	2004	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\OneLaunch\5.3.5\chromium\libEGL.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2004

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\OneLaunch\5.3.5\chromium\libEGL.dll,#1
2⤵
PID:1732