2d3ddaf7da231e79bff773a421526458128ca84cf4aaf5f06bad31e20e06cde5 | Triage

Analysis

max time kernel
4s
max time network
56s
platform
windows7_x64
resource
win7-20231020-es
resource tags

arch:x64arch:x86image:win7-20231020-eslocale:es-esos:windows7-x64systemwindows
submitted
06/11/2023, 12:36

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

adventure Time/Crack/steam_api.dll
Size

29KB
MD5

26b7184431da94f55083acef69160ea6
SHA1

14058ab7fc67ddc4841bd3149f2c81b54a14363c
SHA256

7ce56431e40f4caf344b42152c2423cf78bc76a82d010fab6fb808f59b08eb2d
SHA512

776c511de90759625e05f8e38b83a1d8d81f7e989e2e239eafaab4c0a4460afb2afd1a5afc35926dcf3d58912d83026dd82f92041675491b56b27da7708a7198
SSDEEP

384:lMnfvsxXjRC4TeAyKI5mO5mUnPQxunq4es5am01iBdVV:lMfvgEeeRP6C6iatuVV

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2576 wrote to memory of 2844	2576	rundll32.exe	30
PID 2576 wrote to memory of 2844	2576	rundll32.exe	30
PID 2576 wrote to memory of 2844	2576	rundll32.exe	30
PID 2576 wrote to memory of 2844	2576	rundll32.exe	30
PID 2576 wrote to memory of 2844	2576	rundll32.exe	30
PID 2576 wrote to memory of 2844	2576	rundll32.exe	30
PID 2576 wrote to memory of 2844	2576	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\adventure Time\Crack\steam_api.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2576
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\adventure Time\Crack\steam_api.dll",#1
  2⤵
  PID:2844

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads