4540f0d89fce0b2a7a190c0e1b2c928a66cab46411b0903a2bc6798cf0acf901

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/01/2024, 17:39

Target

$PLUGINSDIR/nsSkinEngine.dll
Size

542KB
MD5

d2affa62684317933b3a1afccc19ce4d
SHA1

e7661cd1c84d341177210668a7e268f4d426cf78
SHA256

6cb3b447fd1cff285e4249deeeb2582f80260a22fab6f31899fe17165d401f7e
SHA512

6b93d68baecf5e7f233f73fddc0453e80f31932267c44ac402e9918c09c85133e5699b3975b6def8adf20ac366228874a3a9ddcd12a6c02e46f1528d23a44746
SSDEEP

6144:rclS2FiZXuC4DBEqV3juE11KUr6abef14CdlLUHGvs1NO7ehsg54vkiXOhZ:rcI2FQXTkBEq1KE7KUr68eOadcNYRvX

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1928 wrote to memory of 1872	1928	rundll32.exe	28
PID 1928 wrote to memory of 1872	1928	rundll32.exe	28
PID 1928 wrote to memory of 1872	1928	rundll32.exe	28
PID 1928 wrote to memory of 1872	1928	rundll32.exe	28
PID 1928 wrote to memory of 1872	1928	rundll32.exe	28
PID 1928 wrote to memory of 1872	1928	rundll32.exe	28
PID 1928 wrote to memory of 1872	1928	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsSkinEngine.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1928
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsSkinEngine.dll,#1
  2⤵
  PID:1872