add2d2999ed2b5f9ba6bcf8f851b8df8c102161d8436b80bd8ce67794c67b79e

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
10-10-2023 20:19

Target

3D Analyzer 2.37/3D Analyze/dat2.dll
Size

964KB
MD5

074470b9abf780cc5ae2a44354f7edfa
SHA1

a4b878925a581fa1d38447eb1f5d0892b11aad6d
SHA256

b414b5d9466a2942bd833c4b901842db32a56e8cde3def3cacf4132127c2c068
SHA512

5c23156c77d484221768f16fe94801f64afe465654bdca45f9fb62d6e9827310fff8c97f848d9673e66fa2280fe761477716845e8810e50cb7bc0341d8db0647
SSDEEP

6144:0H0ADhVwyEnMeff5AyMl7GzGy0FqkxI6jKap9beedWVWAAaHNAGVLBlMjnm8ySIr:rADhVwLMSfeylGOkC6jKgbe1VlGm8nh

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 884 wrote to memory of 2412	884	rundll32.exe	28
PID 884 wrote to memory of 2412	884	rundll32.exe	28
PID 884 wrote to memory of 2412	884	rundll32.exe	28
PID 884 wrote to memory of 2412	884	rundll32.exe	28
PID 884 wrote to memory of 2412	884	rundll32.exe	28
PID 884 wrote to memory of 2412	884	rundll32.exe	28
PID 884 wrote to memory of 2412	884	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\3D Analyzer 2.37\3D Analyze\dat2.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:884
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\3D Analyzer 2.37\3D Analyze\dat2.dll",#1
  2⤵
  PID:2412

C:\Users\Admin\AppData\Local\Temp\3D Analyzer 2.37\3D Analyze\config_DX.ini

Filesize
173B

MD5
d39d5664093bef9cfe20390e9a03710f

SHA1
95ba61297ef34518805964147a9a3e401490a4e3

SHA256
cb4fbb71287278e6248a1a89eb6defc6441187f1d34d45953171aadd63073a07

SHA512
298c6fd0eb39d1c438312c82e4addd0cc66b066c31fe7d094fe2e6a20ed03f489648fea0afa7f0710f412f2265f77f793f62c6c65b0aeefb2b8d9c9887b7ae2c

Download Submit