d2f3a7cc98ef6c6ed268c66cd6d82f91377a57ac67733f22681cbaded4a60bd3

Analysis

max time kernel
15s
max time network
18s
platform
windows7_x64
resource
win7-20230824-en
resource tags

arch:x64arch:x86image:win7-20230824-enlocale:en-usos:windows7-x64system
submitted
25/08/2023, 19:46

Target

steam_api.dll
Size

807KB
MD5

bdb69352046c5021c5226fec74bea252
SHA1

e42b049112787e18fd126c51f1984bbbec586e4d
SHA256

d2f3a7cc98ef6c6ed268c66cd6d82f91377a57ac67733f22681cbaded4a60bd3
SHA512

8352fd7f4864c401e1def1e9c69b9e5cea403783f30d5517aee1a56821e091693ef569d5a9d40d3c88b356d1842592ea9a61879bd72a6c55ede506ab9eb43ce4
SSDEEP

12288:6kqKmpLnAfyElBV+mt3Sm1zFBCHfkM6fPiGgME/Xy2w0EfFF/OLvcvilT4YO:6LLnAfyCl11fPiGgZC2EfXu9lT4YO

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2164 wrote to memory of 1948	2164	rundll32.exe	28
PID 2164 wrote to memory of 1948	2164	rundll32.exe	28
PID 2164 wrote to memory of 1948	2164	rundll32.exe	28
PID 2164 wrote to memory of 1948	2164	rundll32.exe	28
PID 2164 wrote to memory of 1948	2164	rundll32.exe	28
PID 2164 wrote to memory of 1948	2164	rundll32.exe	28
PID 2164 wrote to memory of 1948	2164	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\steam_api.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2164
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\steam_api.dll,#1
  2⤵
  PID:1948