f3dfbacb9f780941ad25c4e5cfe7bd87e5593b5e6a6f83b3ba81eeca14721914

Analysis

max time kernel
35s
max time network
43s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
19-04-2023 11:28

Target

7FAR - ZModeler 3.1.2 (build 1123)/tools/DirectXTex(1).dll
Size

325KB
MD5

f1d86861d176f779df75880f101a7840
SHA1

04c5f71ce644cb62ccbfee55dbb754621ef7eb5c
SHA256

62393e67f491779268b447713014bcd6acf9e8c796fe6694affcb22ebbc2c818
SHA512

1b529fd31eab1111201c0a2b43b81821d65b5b57cd23d5e6315734f7169c4abf341ebe3430897fe49d86791d8721009e9831aa294cf8a6f1bcf8acb46cdeb3c7
SSDEEP

3072:CINSE01eLy8HqGlWWIpsmhz9rgU7E/iPLM2agr8DWhr6c0s:CaSE8eLF0/X7o

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	Process	procid_target
PID 4968 wrote to memory of 3796	4968	rundll32.exe	81
PID 4968 wrote to memory of 3796	4968	rundll32.exe	81
PID 4968 wrote to memory of 3796	4968	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\7FAR - ZModeler 3.1.2 (build 1123)\tools\DirectXTex(1).dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4968
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\7FAR - ZModeler 3.1.2 (build 1123)\tools\DirectXTex(1).dll",#1
  2⤵
  PID:3796