7a27349b7b7e58b2af5056dc3f183478f88701026508e3222a87fc2e65e0f2d6

Analysis

max time kernel
118s
max time network
124s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
15/07/2023, 19:09

Target

PvZWidescreen_1.1.2/bass.dll
Size

90KB
MD5

6731f160e001bb85ba930574b8d42776
SHA1

aa2b48c55d9350be1ccf1dce921c33100e627378
SHA256

3627adef7e04dd7aa9b8e116d0afc11dcee40d0e09d573210a4f86bdc81a80b6
SHA512

07ae0cb85464b015b35e6157228775a6ac66e5e62a1b47f9395307b61176b6df835e00a1518846507718acffc271263008cc8a9b2c1e8a0192c5438774e12437
SSDEEP

1536:lyKkZPP882+8hMJ8Y8bRVYvVqGWWkaloy4bFcx/Rus5Ay6X0T3VzkxH9J:NmNN8bRVYNqGzCy8RQwXQ3pKdJ

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2236 wrote to memory of 2588	2236	rundll32.exe	28
PID 2236 wrote to memory of 2588	2236	rundll32.exe	28
PID 2236 wrote to memory of 2588	2236	rundll32.exe	28
PID 2236 wrote to memory of 2588	2236	rundll32.exe	28
PID 2236 wrote to memory of 2588	2236	rundll32.exe	28
PID 2236 wrote to memory of 2588	2236	rundll32.exe	28
PID 2236 wrote to memory of 2588	2236	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\PvZWidescreen_1.1.2\bass.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2236
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\PvZWidescreen_1.1.2\bass.dll,#1
  2⤵
  PID:2588

memory/2588-54-0x0000000010000000-0x0000000010041000-memory.dmp

Filesize
260KB

Download
memory/2588-56-0x0000000010000000-0x0000000010041000-memory.dmp

Filesize
260KB

Download
memory/2588-57-0x0000000010000000-0x0000000010041000-memory.dmp

Filesize
260KB

Download
memory/2588-55-0x0000000010000000-0x0000000010041000-memory.dmp

Filesize
260KB

Download