8e1dfd0fe2f4be63343c311ece0c39c357bb7341978375661707d1a3bec39046

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
08-12-2023 17:51

Target

Update/1.3.36.152/goopdateres_bn.dll
Size

53KB
MD5

c7ce022c59bc281c99877ecf7137b4ec
SHA1

f53341a06bbbeb25948a0178ea5e45c94ce6cc76
SHA256

f80738a1b58eb05d5fde4d45aa1dacabf85f6ce3e1baa278cea33821992a0595
SHA512

834094a639b9e3fb48ff891e957f016583d0c0abeedf9b64f6bc51462b960ee72fc315f5cafa315d5a36b9e3829b733d9b8194d8ac437af434999e43ff433b08
SSDEEP

384:F8bvUx7tVF7qTFoFrTFgRj+mBwHtN8hNyH1Mn8E9VFK4iy/IYi6ypIh4i/8E9VF7:2bu0FoFXFWBwNCaM8EANYi6y+heE9

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2044 wrote to memory of 2012	2044	rundll32.exe	rundll32.exe
PID 2044 wrote to memory of 2012	2044	rundll32.exe	rundll32.exe
PID 2044 wrote to memory of 2012	2044	rundll32.exe	rundll32.exe
PID 2044 wrote to memory of 2012	2044	rundll32.exe	rundll32.exe
PID 2044 wrote to memory of 2012	2044	rundll32.exe	rundll32.exe
PID 2044 wrote to memory of 2012	2044	rundll32.exe	rundll32.exe
PID 2044 wrote to memory of 2012	2044	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Update\1.3.36.152\goopdateres_bn.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2044
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\Update\1.3.36.152\goopdateres_bn.dll,#1
  2⤵
  PID:2012