a8bc86cd95d9cb31d2a958734e7a88af3eb46bab9a91712a21a7bce6afecde1a

Analysis

max time kernel
143s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
18-02-2024 08:40

Target

MegaMan Unlimited/msvcm90.dll
Size

220KB
MD5

d34a527493f39af4491b3e909dc697ca
SHA1

afee32fcd9ce160680371357a072f58c5f790d48
SHA256

7a74da389fbd10a710c294c2e914dc6f18e05f028f07958a2fa53ac44f0e4b90
SHA512

0dabc5455eb02601d7c40a9c49b3ade750b1118934ef3785fb314fa313437bc02b243571aba25f1661a69dcea36838530c12762a2e6602d14a9b03770a82cca6
SSDEEP

3072:6yZeocziNzMLSMOYscmLWbAX+dP4Upoh86Goao14JU87/amFYw8fF01OyASLE:PYOMqc8oAXGP4Upoe6fa3/amiX2Oyp

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 8 wrote to memory of 2672	8	rundll32.exe	84
PID 8 wrote to memory of 2672	8	rundll32.exe	84
PID 8 wrote to memory of 2672	8	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\MegaMan Unlimited\msvcm90.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:8
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\MegaMan Unlimited\msvcm90.dll",#1
  2⤵
  PID:2672