9f4f94e28d45ab21771555fd06d44418f5017acd2dd455b22620e420631cd15b

Analysis

max time kernel
125s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
15-08-2023 15:29

Target

CrosshairEditor/Freya.dll
Size

281KB
MD5

d5fef36a5ad0e809aad6b7cbe19d1062
SHA1

5adf39cfe296acd1e62618155f1e2ed68ea452df
SHA256

8cd822ca2dd0d9e3f298fb42f5c95ab6ef7ed71b68bfe4ac9e2fdb795760d1fe
SHA512

7c9580d9929c1b4c8f90109808a236113543e41ea3709da9a041c6802666cf18e2e2a827e951267f0fc497605f44bf83e2f5c9824f66917f1a2b0994a6cd8b90
SSDEEP

6144:+3nUjhnjy3aPg+ZQLM7KUAOFLjKjuUjB0r3T+fMMMMMMMMMMMMMMV7MMMMxliqyJ:1CYtQLMwFjuUN43T+fMMMMMMMMMMMMMP

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3148 wrote to memory of 1636	3148	rundll32.exe	80
PID 3148 wrote to memory of 1636	3148	rundll32.exe	80
PID 3148 wrote to memory of 1636	3148	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\CrosshairEditor\Freya.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3148
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\CrosshairEditor\Freya.dll,#1
  2⤵
  PID:1636