ef5be23c988187881b0e6b1e2a9ced6296024f7f6baa6bd733574e135476cf10

Analysis

max time kernel
147s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
16/04/2024, 10:21

Target

Goldberg Loader + Achievements + StubDRM64/steamclient.dll
Size

2.9MB
MD5

d876a19f7bb4204445dfd3907ec9b174
SHA1

686e4dd9467c994a5901e052e9f17b9b2f2bd6a4
SHA256

0ca9d7a8881271f51d41070ff01f6e909eb6de5bab873ed88362cefb9dbd65f6
SHA512

45e35a2d9b5e8c03d3d20d0a64fb2f5d16a1168dafc2a72d9e4f9c80f0a22a1df16c3d4eee6cc0746143014c50161db2f8c15addbfda5481e035c1f34448e23e
SSDEEP

49152:VI6M9XPvNI3oCvr3FUU+IMwhDjFbGpMHFFu3SlMX3J2elHVUebEieE:HQvNItvzRrDRIMHFFu3EE2eVVUS

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4888 wrote to memory of 1000	4888	rundll32.exe	83
PID 4888 wrote to memory of 1000	4888	rundll32.exe	83
PID 4888 wrote to memory of 1000	4888	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Goldberg Loader + Achievements + StubDRM64\steamclient.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4888
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Goldberg Loader + Achievements + StubDRM64\steamclient.dll",#1
  2⤵
  PID:1000

memory/1000-0-0x000000006F5E0000-0x000000006F5F0000-memory.dmp

Filesize
64KB

Download