47661186d1741ad4a5feacca3aa36419fca9c4bb9bbd820e73d0e354b1695312

Analysis

max time kernel
53s
max time network
63s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
27/03/2023, 23:29

Target

Furk Ultra v2.1.4a/FurkByteCode.dll
Size

7.1MB
MD5

3a1fdb55f06cb3bdf29d0aee2ef9d0fe
SHA1

70259ef21cf431b9442e7555c4a92da583f2d817
SHA256

069d4561cdf9bd0b3985e496c4e84e19727e4ecc379e1ea075d6468e1b9f9759
SHA512

bd1c7090af68b39e6de854755d7dc88c83d65d7008ee0e4f5a8171662406767592cefbdf12e834243f22a359f35f6714f497345b341e2e1e51cc2ae4fd61667b
SSDEEP

98304:HI9C2MLfAEbUZ0V+/ewVN/uDrOtsAhJMrt/8PSIgDdSF5RJhQwnilAKn6ltLDhI2:HIE/5bUphVN/ueCR8Pqs5smxTKAd

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4024 wrote to memory of 2596	4024	rundll32.exe	66
PID 4024 wrote to memory of 2596	4024	rundll32.exe	66
PID 4024 wrote to memory of 2596	4024	rundll32.exe	66

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Furk Ultra v2.1.4a\FurkByteCode.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4024
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Furk Ultra v2.1.4a\FurkByteCode.dll",#1
  2⤵
  PID:2596

memory/2596-121-0x0000000072860000-0x00000000736BF000-memory.dmp

Filesize
14.4MB

Download