2f2389c4427f79cb94d8d4fb3650b1cf0a27c0fc8996cf9edd061aa8b74fb6c4

Analysis

max time kernel
139s
max time network
319s
platform
windows10-1703_x64
resource
win10-20230220-es
resource tags

arch:x64arch:x86image:win10-20230220-eslocale:es-esos:windows10-1703-x64systemwindows
submitted
02-04-2023 17:50

Target

Oneshot/SDL2_image.dll
Size

444KB
MD5

8607b573c3290ce9082841cd8a121767
SHA1

f6cd77d5930cec451d6979094190f53a90febd03
SHA256

9e3f740573500f88bfe4b4f317a9e7d0d674a5a24a6356d28da8c936feb4d334
SHA512

aa9393895916ac77aa2d4dc19cf487c28c0178ba649281b0d9d9cd868cbc816c522709f1301eebfd141e494aed4f0f7a314b12075085d197bac47095e2757370
SSDEEP

6144:c47zMtBByitjKiy2KsifmgsOysSXiEG6RbBptJDN8s72itxiXqtexRNCem7bAxQO:rMnDj6mgsKkG6JBptJD7GRNCe3Qwj

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1900 wrote to memory of 1996	1900	rundll32.exe	rundll32.exe
PID 1900 wrote to memory of 1996	1900	rundll32.exe	rundll32.exe
PID 1900 wrote to memory of 1996	1900	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Oneshot\SDL2_image.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1900

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Oneshot\SDL2_image.dll,#1
2⤵
PID:1996