4552e84edd73799b3a6e8e6d8ad0cb231d44241748ecb072c82ee9211728236c

Resubmissions

26/02/2024, 07:27

23/02/2024, 05:04

max time kernel
122s
max time network
128s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23/02/2024, 05:04

Target

npp.8.6.3.portable.x64/updater/libcurl.dll
Size

728KB
MD5

2d031d5f3a4e10a94b1c8297d269e2c8
SHA1

dda72a32b31883ea021311a986a7166d2239cba6
SHA256

afce00c928629a699b2c253f4536e23350098fa1318275fad0677c5e8b09f0b5
SHA512

b18bbf6741a0149c9fc2ec6d9a7a3e684ec5bcce4ca9cb559dbac1c6fe853a4fa2d5eec3e9b9ba46fd8658be726e95a33205764fa4eb7e24060d4aae6ca11557
SSDEEP

12288:GvnFnd1uk7byyzwn5l2rsc2QwEBhdoqyTvl0cWmlqhKyMv:GVekCoa5l2P2B6hdQvl03msMy

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2460 wrote to memory of 2720	2460	rundll32.exe	28
PID 2460 wrote to memory of 2720	2460	rundll32.exe	28
PID 2460 wrote to memory of 2720	2460	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\npp.8.6.3.portable.x64\updater\libcurl.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2460
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2460 -s 116
  2⤵
  PID:2720