6f89de2ae773d9d0823f407572017c7dea50d8b28c7140cfcb9232293150b9b7

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
13/02/2024, 18:24 UTC

Target

vk_swiftshader.dll
Size

4.6MB
MD5

17bb7a2a7cd8ccd96ed19753cfc75bec
SHA1

7c996eaa179fd472a572a0efb3e243a81b283977
SHA256

070c9bb970f13a47e3246fbeadd4d2d3916273e1ae3db2059d806691bfeaf6d8
SHA512

80ff7ba1b32e3de374e8637852b96c12882a5f7d32651ff0e1c2cb97898a44aee46a569a42b073a4e368f364f0daae2e86eca36068fe6794eb5ba55cd3ca5ee4
SSDEEP

49152:eg0lNhuGaO/dRxQGQ+mEjWIyKGTJtE+M5q0yN769reA3Em0PNX4WbUEwxWvbG5wW:jm/j7sw7kQtlVdQQog

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2852 wrote to memory of 1992	2852	rundll32.exe	28
PID 2852 wrote to memory of 1992	2852	rundll32.exe	28
PID 2852 wrote to memory of 1992	2852	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\vk_swiftshader.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2852
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2852 -s 80
  2⤵
  PID:1992