8e86e10a9b3a48604514c4fab81a68afcc48d1cbcf932255afdc8ca85e33c12d

Analysis

max time kernel
301s
max time network
310s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
17-05-2023 04:26

Target

PvZRT_Data/Box2DBackground.dll
Size

98KB
MD5

cc163d202a455291f3e55ac5e1c420c6
SHA1

2d850a84d501b58135056b9461bc40e23935a2c1
SHA256

f78ba240f3b8aabb6146562cfa373fd6dbbb93a2f589592cd0f2da6d75049c7c
SHA512

1d519a6849a6f36cc95d7dc9dd5eceea194e55a9c0160eb11a52abd8bfafdbe9af2fb1d5e63905c49c59e845df39b808cecc70c57960773e51d9d87939357686
SSDEEP

1536:aIlLuZsydryfjQdXSO2J4UIfE0p8CnDcYsWEcd5xnvsqGOMATaM:ZLG3yjQdX7oRIc9AT5BvsXOMAmM

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1724 wrote to memory of 3056	1724	rundll32.exe	84
PID 1724 wrote to memory of 3056	1724	rundll32.exe	84
PID 1724 wrote to memory of 3056	1724	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\PvZRT_Data\Box2DBackground.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1724
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\PvZRT_Data\Box2DBackground.dll,#1
  2⤵
  PID:3056