ee1fcfce4a8f3349c6f78e52eff179f51e95e69665e43a32fa1e76a7674d18cf

Analysis

max time kernel
150s
max time network
170s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
20/03/2024, 02:19

Target

Crimson Skies/GOODIES/DIRECTX/DIRECTX.dll
Size

88KB
MD5

e15c3601b3db89e25084575a05938c77
SHA1

e5498943c97ac2a6760e2ccef6a7ebfa6629be14
SHA256

e0a812308736ce36371a32497e6435df28b8786958617e370582af335619fcce
SHA512

2a1bed64453f695068447d22eed74c00d8e734feb0bc58226bf3c6074832dc33c4eb3e9541a46a14b6ef6ea8da26df25b3b3203b18accb40f5f9b53d75373fdb
SSDEEP

1536:X94mSQQJki2u/hqL4ppwJb/mTgTPjRpKrfffEdGnLJLZo2uER:X94jQN/b/x/KDffEdGLJL+/

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3104 wrote to memory of 4012	3104	rundll32.exe	91
PID 3104 wrote to memory of 4012	3104	rundll32.exe	91
PID 3104 wrote to memory of 4012	3104	rundll32.exe	91

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Crimson Skies\GOODIES\DIRECTX\DIRECTX.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3104
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Crimson Skies\GOODIES\DIRECTX\DIRECTX.dll",#1
  2⤵
  PID:4012