2caed36cc955d76f031bc25e56d5ea5c149d2a63874b695ce03798b7a578b6ba

Analysis

max time kernel
143s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 07:41

Target

alixixi.com/ichat2/ichat2.5正式版的视频聊天室程序/1_85Upgrade1_87/usermgr/ichat_files.dll
Size

144KB
MD5

b7ff559d7dceeacc67293091e395e6fc
SHA1

814cc0c4ec10c94a1ac24ae6c4edd1647d06ee33
SHA256

7c7b7eaf544e5a0905e6fba90a9468615634aff795a1070c8325faf0d3495ad0
SHA512

b812563d7aea6ac003399b70d442dda0b63cb481bc2d849705dda3dd211b56d2d2aa11c3932012f1396ee8f4717d3a072bf065ed879be9b62eb70bc66ff7a862
SSDEEP

1536:sSWDZA7K8RTTKbubqZqaKN0obx0aYaA+sfttFB01BiB+jGZlLzbUYbon8KwFmho1:yqu8EqGqBN04WHtF/lPbFon8/UholM

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1616 wrote to memory of 4520	1616	rundll32.exe	87
PID 1616 wrote to memory of 4520	1616	rundll32.exe	87
PID 1616 wrote to memory of 4520	1616	rundll32.exe	87

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\alixixi.com\ichat2\ichat2.5正式版的视频聊天室程序\1_85Upgrade1_87\usermgr\ichat_files.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1616
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\alixixi.com\ichat2\ichat2.5正式版的视频聊天室程序\1_85Upgrade1_87\usermgr\ichat_files.dll,#1
  2⤵
  PID:4520