4db59a0e1bfdc3d12b222f6e2de79dc7ec9670796dcfeffa77aff3d2c0cbbb5f

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28/03/2024, 11:05

Target

GH Injector/GH Injector DNP - x86.dll
Size

41KB
MD5

ac1e179db9e1662cd5eadf7d270e4ecb
SHA1

d4e8ebcc1d95f4ccbb2bb1680ad2e56f46f958e6
SHA256

b2f7d9c60e51654c3c6f0b40b5a8bffaed3f4bcedbd7e35af42f4e7f50a941f4
SHA512

ea2d9a04e321af21a2bba4fdd42b74ad4ea25ec35e60859821a472a05bf23a6e30885caa265482b3a92a912a87a8e1a5c0c479c5f3cc38a288338dd4b7d7c82b
SSDEEP

768:FBUog5/tyehkZAmBTqMsh19zh6+XFRNy4KZrojDgvEOarEJPxL:7Uoq3yVTqf1jzjxvgdDPxL

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 624 wrote to memory of 2324	624	rundll32.exe	87
PID 624 wrote to memory of 2324	624	rundll32.exe	87
PID 624 wrote to memory of 2324	624	rundll32.exe	87

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\GH Injector\GH Injector DNP - x86.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:624
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\GH Injector\GH Injector DNP - x86.dll",#1
  2⤵
  PID:2324