29b9ac9062421084dd15fba4d6f3facc62be57567ab25c94e4f0fb7610340a18

Analysis

max time kernel
25s
max time network
19s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
14-08-2023 18:29

Target

gmpopenh264.dll
Size

981KB
MD5

2a78a9afb83ce285c262358f15aabdd8
SHA1

7aaeb56467d39f3e42b32083d6b78a721c343f32
SHA256

bf0fe269593def9816272fe732baae9437e91fb545df55ddd0a714eb5ed6b178
SHA512

5e1970b7fb10338264ead87e0f752d7016b6bb221e05edacb8cd1b409e2bfe2d0f1fc1e0db05303d05f41b21f60a58f537c27b835eb4b0301b6b86ac927130b4
SSDEEP

24576:/w+TxGr5P+7MdDev+v2iSBFy/LTrgN3E2P1HWEgLcp/lBD6C1TkSZ1zgfM5fYqPN:/tTsr5rSBqgZE2P1YAlBD6C1TkSZVgk7

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2572 wrote to memory of 1636	2572	rundll32.exe	rundll32.exe
PID 2572 wrote to memory of 1636	2572	rundll32.exe	rundll32.exe
PID 2572 wrote to memory of 1636	2572	rundll32.exe	rundll32.exe
PID 2572 wrote to memory of 1636	2572	rundll32.exe	rundll32.exe
PID 2572 wrote to memory of 1636	2572	rundll32.exe	rundll32.exe
PID 2572 wrote to memory of 1636	2572	rundll32.exe	rundll32.exe
PID 2572 wrote to memory of 1636	2572	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\gmpopenh264.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2572
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\gmpopenh264.dll,#1
  2⤵
  PID:1636