4ffd4c272fd15fd56519eb09b60df2b76368283b5e51a402d7324251542279eb

Analysis

max time kernel
91s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
13-02-2024 03:58

Target

Mod Menu 1.3/Data/plugins/bearer/qgenericbearer.dll
Size

87KB
MD5

07c9ac52607af53aced1f2f42eeb8a8c
SHA1

156cccc321e621d2821b3d7dce6284d481f6f579
SHA256

a82aa3b3fe6a8f916c77ab57525de9fb7ab09ac77515b4cd9020903c8fa8b6e6
SHA512

425e4319c242e046a657bd8d34ff6f8205d9d825ba4e65c531759812891df78f954a38e0bba83fcde65fb8887b417ecc354f0ee32da891b3a700f3d84e4a7418
SSDEEP

1536:rJRT1aojKGgIBSaFYeQPkRjiS20gMf77b4EWcbq2:rJaCgIEJeQPkRjih8f77cEWcN

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4888 wrote to memory of 4288	4888	rundll32.exe	84
PID 4888 wrote to memory of 4288	4888	rundll32.exe	84
PID 4888 wrote to memory of 4288	4888	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Mod Menu 1.3\Data\plugins\bearer\qgenericbearer.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4888
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Mod Menu 1.3\Data\plugins\bearer\qgenericbearer.dll",#1
  2⤵
  PID:4288