f93e4c97205e62be08bf62fcd18e7a8a163aa0a04525ba30a364dd2fdd5440c2

Analysis

max time kernel
142s
max time network
159s
platform
windows10-1703_x64
resource
win10-20230703-en
resource tags

arch:x64arch:x86image:win10-20230703-enlocale:en-usos:windows10-1703-x64system
submitted
13/07/2023, 13:18

Target

ForzaApexImport.dll
Size

3.0MB
MD5

38b6bfd23e395bb5f0ed853c397b8ea9
SHA1

b95851d87168a58afe88d668d8cb1daed9d2e6a1
SHA256

46222bdaa72afde94f8799d3fa76c8a4a717622285dceb502d28e2afa3b55955
SHA512

b328d019b6466ffba104296e4c99d436ff3fda33bdf19e5d630122f5df0b49f0c84632df0d55580281f073771ea1bf094609d05a6d0a089f7a338410f00004c4
SSDEEP

49152:ZCm7cI6f8iffHzLtpuNMViDDY1WSEk2mWPROvQIoPRzSjro9Ds+ueO+YM/:77cI6f8iffTZ6fYQSECmRIWR+o

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5060 wrote to memory of 784	5060	rundll32.exe	70
PID 5060 wrote to memory of 784	5060	rundll32.exe	70
PID 5060 wrote to memory of 784	5060	rundll32.exe	70

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ForzaApexImport.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5060
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ForzaApexImport.dll,#1
  2⤵
  PID:784