6ec79179c1e61df21e38b754017b672d559f0537ce0a3b64afe7df97025fd01d

Analysis

max time kernel
1735s
max time network
1147s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
10/10/2023, 10:38

Target

gme.dll
Size

180KB
MD5

c9b8b6a88ce55942260ba910f37cbb86
SHA1

ba131c0d6cbe223175319a9d8bc7b93db6481a92
SHA256

acae38d5e18a442c42b0c8dfddd620a241cf397142ac99e59ac8893d6738f64b
SHA512

a224064c1e7eda29348b8749e5620dd0f88241096f74d708aa98b7c9b849af2b203c04bf47b0919fd014e4267622e8a6aec9bdec28d73a443b8316452b2b7130
SSDEEP

3072:ZRHHMH7b8RpQ99BcplZeedffojr/fFJo77jCOf27vd/nFfvB21805/e/Uq8/JUFD:OH8RpQ99BcBeMwPfFW7qOiFnBl0r4OKx

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4528 wrote to memory of 864	4528	rundll32.exe	85
PID 4528 wrote to memory of 864	4528	rundll32.exe	85
PID 4528 wrote to memory of 864	4528	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\gme.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4528
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\gme.dll,#1
  2⤵
  PID:864