add2d2999ed2b5f9ba6bcf8f851b8df8c102161d8436b80bd8ce67794c67b79e

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
10/10/2023, 20:19

Target

3D Analyzer 2.37/3D Analyze/dat1.dll
Size

748KB
MD5

48a4d45f19aaccf446cf48fa8921b80b
SHA1

cc4aa28cc55cffa8273921beb50ec2930f6b32bb
SHA256

dfcd1b6644ecf068b273b131d8f7c74c69177125aed5806450552473922cf038
SHA512

2107d0503ec0fcf9b92aabf3761118ce735c71a39612e804989ec1c2f22d2c124ef2ee63056dd8dc5d15221d8cade6927e8519673350de8705483b6f61bb7fe1
SSDEEP

12288:cFIZI2XGMqJbjtQ3xsNofJL8ySgGWIeIhcwfdXTkQrzP7r7Dtaq:cF6InMqFjKBsNofF9GWIeeRhzPM

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2008 wrote to memory of 1248	2008	rundll32.exe	29
PID 2008 wrote to memory of 1248	2008	rundll32.exe	29
PID 2008 wrote to memory of 1248	2008	rundll32.exe	29
PID 2008 wrote to memory of 1248	2008	rundll32.exe	29
PID 2008 wrote to memory of 1248	2008	rundll32.exe	29
PID 2008 wrote to memory of 1248	2008	rundll32.exe	29
PID 2008 wrote to memory of 1248	2008	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\3D Analyzer 2.37\3D Analyze\dat1.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2008
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\3D Analyzer 2.37\3D Analyze\dat1.dll",#1
  2⤵
  PID:1248

C:\Users\Admin\AppData\Local\Temp\3D Analyzer 2.37\3D Analyze\config_DX.ini

Filesize
748B

MD5
29fa2d5ea7e2b86edd97379bf3d7a98b

SHA1
22ce7cc6ec7976ca36e1b4087f706d35bd3ceb8a

SHA256
93165fdfbc8ce24aefb3fc6de83f55e58ef50f0debdca8948a749ba7ffcc8771

SHA512
277ba0df6f4a31d562f75c8c683eaed9d7a7606ec83bb7a44fd23107b5ab3fad458058fafd5d79475585e896382e2ff0aa3198c18e3f07e12e8b2b1af4dc5788

Download Submit