df430e88e62b426b7c75ba29eb28eff3b77714999a28c6f9aa9172085f78cd3a

Analysis

max time kernel
141s
max time network
208s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
04-03-2024 00:18

Target

scenegraph/qsgd3d12backend.dll
Size

251KB
MD5

93b303c417071f1e7ff40d0a3bc99dd1
SHA1

c3a14b15fcb4344d3b6fea4fb5720347a6b8d54c
SHA256

ee23a80b129c7583d71e0318d10925846b1ba63fe72063036e2448698a7a7f7f
SHA512

60da781b815f68d9fc007e2633d6386052dec34def619d488f9b392a43aa785fb955f9df2a55c1c56099396b649b3f697b00565f9b3bfc477fd1f85042fe74ad
SSDEEP

6144:fOj8+Wcr7GIArXnlwlBg4bHAoVRp5UtkX14rWuOIlbowGWybg2Xbj2OG/6OxESPp:fOj8+Wcr7GIAr3lwlW4bHAoVRp5UGl4p

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2100 wrote to memory of 5060	2100	rundll32.exe	89
PID 2100 wrote to memory of 5060	2100	rundll32.exe	89
PID 2100 wrote to memory of 5060	2100	rundll32.exe	89

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\scenegraph\qsgd3d12backend.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2100
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\scenegraph\qsgd3d12backend.dll,#1
  2⤵
  PID:5060