b4e4e7d4279c3afbd5c4e88fee949f587a3ff5416b7c153dc5b4ad49262ceb55

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
20/09/2023, 01:09

Target

steam_api.dll
Size

249KB
MD5

6c80af303e39a58ac0a4dd1ef2808f9e
SHA1

0841dc73043735016961dc6400cc0fb0829e0121
SHA256

b4e4e7d4279c3afbd5c4e88fee949f587a3ff5416b7c153dc5b4ad49262ceb55
SHA512

0ddd34ce62dfda7a5864a97b127162b21a984b35712f6e1b76d19db7c312af38afcb1a0334bdcd58054ecd160bfbed8c31527e73613b7e8b50cd9573bdea7947
SSDEEP

3072:I8rodekGPKZZl6lg68yJbTYswHdVy+fD5CzDn0o5LWyGQE7tJL03VCCmSQMqI5ck:I8roUZP4zob1yIDn/lAoo7L6F7

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1864 wrote to memory of 2196	1864	rundll32.exe	28
PID 1864 wrote to memory of 2196	1864	rundll32.exe	28
PID 1864 wrote to memory of 2196	1864	rundll32.exe	28
PID 1864 wrote to memory of 2196	1864	rundll32.exe	28
PID 1864 wrote to memory of 2196	1864	rundll32.exe	28
PID 1864 wrote to memory of 2196	1864	rundll32.exe	28
PID 1864 wrote to memory of 2196	1864	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\steam_api.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1864
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\steam_api.dll,#1
  2⤵
  PID:2196

memory/2196-1-0x0000000074F40000-0x0000000074FCA000-memory.dmp

Filesize
552KB

Download
memory/2196-2-0x0000000074FD0000-0x000000007505A000-memory.dmp

Filesize
552KB

Download
memory/2196-0-0x0000000074FD0000-0x000000007505A000-memory.dmp

Filesize
552KB

Download
memory/2196-4-0x00000000009F0000-0x00000000009FE000-memory.dmp

Filesize
56KB

Download
memory/2196-5-0x0000000074FD0000-0x000000007505A000-memory.dmp

Filesize
552KB

Download
memory/2196-6-0x0000000074F40000-0x0000000074FCA000-memory.dmp

Filesize
552KB

Download