71d836c2aef7e6cfa5737fdf1e3f4c0bb5a3a4e8a598a1accdda263e36acb83d

Analysis

max time kernel
168s
max time network
207s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
07/11/2023, 14:17

Target

Moo0 SystemMonitor v1.76 Portable/WinRing0.dll
Size

64KB
MD5

3efa8f1865595ebe1dd415025bf17d8f
SHA1

c37f9c5fc06bd1ee8a0a7694f378c0cdd2eb4484
SHA256

8edb4338883cb12d730ea1827c8e232b4a1562e207c5af26b0d8d86e4b3f2269
SHA512

49b6c8a4005f4f2b61e57d373bc74ffef715d174ed891a73502e2cc19f21c59293188cda364fe86b2bdcd1dc9d97562cf8b73449ce715ecf285c964628cd5764
SSDEEP

768:hRPlqAVzcRDoomqfLYwwvI+Ps8qyOTtvPPzGVojF:jPlA0ogw+PiZtXPzNj

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1156 wrote to memory of 3788	1156	rundll32.exe	86
PID 1156 wrote to memory of 3788	1156	rundll32.exe	86
PID 1156 wrote to memory of 3788	1156	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Moo0 SystemMonitor v1.76 Portable\WinRing0.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1156
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Moo0 SystemMonitor v1.76 Portable\WinRing0.dll",#1
  2⤵
  PID:3788