081b2455cbf464eee43082d023137137eaf43b7a6e1f475feeb75b7cdaaa4cac

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
17/04/2024, 01:02

Target

Sora - OpenAi v1.1/__MACOSX/ext/php_curl.dll
Size

393KB
MD5

c8cce26e1f5c4ebcaf7d4f6f9cf6f994
SHA1

b174076a6b26e160954572c675cce067ba6582c8
SHA256

05c99429e208bc9f345c791e16dd3f68ec628186d64e2acbc7f2f6dcc877bf11
SHA512

a078e5c1cb37857a8e4f1f8430823466a30b51e22b1136afeb4542091e17c79e278a4fc081dac9ad0f85cfd18a63333aec39ec272b1cbcf78037b85af2fa50df
SSDEEP

12288:rSBvP5GSIn7jEIWIgFXR3js4ASneRKJ8TNrcP:WBnU6IgP3Y4ASxqTNY

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1044 wrote to memory of 2576	1044	rundll32.exe	85
PID 1044 wrote to memory of 2576	1044	rundll32.exe	85
PID 1044 wrote to memory of 2576	1044	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Sora - OpenAi v1.1\__MACOSX\ext\php_curl.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1044
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Sora - OpenAi v1.1\__MACOSX\ext\php_curl.dll",#1
  2⤵
  PID:2576