0355475b500f6df818c7fdb5516def6b030e6ef663aea8fc372f0e290ef22e7c

Analysis

max time kernel
121s
max time network
161s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
23/08/2023, 15:39

Target

(4K) v1.1_Underground_-_Definitive_Edition/Underground - Definitive Edition Mod/scripts/DebugOpts.dll
Size

12KB
MD5

883d4ab7fd62eb2d07ec3f6d53d7a36e
SHA1

3da2f78a8da9f245df32f7c2ab68058f269b16bd
SHA256

b0c691581182d7c132efe68fc43612aebe924e7df67bdf49e2a1b9e8ef17f6eb
SHA512

e9697eafb592b78af9b1bd37a7e043985406eb6f7216b2a1e18038ca53b54d555c4f86f5e77a2d562d39b6bd4fe513998eafc391d515bdcdb85144a1aacdb71a
SSDEEP

192:f6ebuaIeTmLIcsZjB0N5DXEGZpQeCA+mBBeGkO7NtPHnoz63Iy:SebuaIeTmLIWbEGTQexBsGkO7jnQ

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2936 wrote to memory of 3004	2936	rundll32.exe	29
PID 2936 wrote to memory of 3004	2936	rundll32.exe	29
PID 2936 wrote to memory of 3004	2936	rundll32.exe	29
PID 2936 wrote to memory of 3004	2936	rundll32.exe	29
PID 2936 wrote to memory of 3004	2936	rundll32.exe	29
PID 2936 wrote to memory of 3004	2936	rundll32.exe	29
PID 2936 wrote to memory of 3004	2936	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\(4K) v1.1_Underground_-_Definitive_Edition\Underground - Definitive Edition Mod\scripts\DebugOpts.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2936
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\(4K) v1.1_Underground_-_Definitive_Edition\Underground - Definitive Edition Mod\scripts\DebugOpts.dll",#1
  2⤵
  PID:3004