9c742cdac2440170bd6cd56f590f5f466a18528715f8b10d30dea58a0759294d

Resubmissions

22/02/2024, 01:13

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22/02/2024, 01:13

Target

PLAZA/steam_api.dll
Size

212KB
MD5

a40bf56a38edc7f391b1028b73749a8e
SHA1

fa28b570915a455af719525c0eb92a7ae1b74117
SHA256

dc204ea6ad73ae127a2f6977055f861dc9c850a3c14d66e0810b8650cc1340a0
SHA512

36e80a3e2713297b353f47175a85d4e738f463354af2c77f8d902c00bab429448ba8d128e4da471676f2d709910da61ef12a4375d37c3aab4b286700be8472b4
SSDEEP

3072:lB+VWkSeQYEIkc+7pPjVvx3V5rBwpI82X4+Sk1nAmy1ICN+RQuea5V7i:lwVWku2F+7977Ilk1nAmyGCN6Z9Bi

Score

1^/10

Suspicious behavior: EnumeratesProcesses 14 IoCs

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1804 wrote to memory of 1620	1804	rundll32.exe	28
PID 1804 wrote to memory of 1620	1804	rundll32.exe	28
PID 1804 wrote to memory of 1620	1804	rundll32.exe	28
PID 1804 wrote to memory of 1620	1804	rundll32.exe	28
PID 1804 wrote to memory of 1620	1804	rundll32.exe	28
PID 1804 wrote to memory of 1620	1804	rundll32.exe	28
PID 1804 wrote to memory of 1620	1804	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\PLAZA\steam_api.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1804
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\PLAZA\steam_api.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1620

memory/1620-0-0x0000000074750000-0x0000000074832000-memory.dmp

Filesize
904KB

Download
memory/1620-3-0x0000000074660000-0x0000000074742000-memory.dmp

Filesize
904KB

Download
memory/1620-4-0x0000000074750000-0x0000000074832000-memory.dmp

Filesize
904KB

Download
memory/1620-5-0x0000000074660000-0x0000000074742000-memory.dmp

Filesize
904KB

Download