e395e57942312102974b105a39c503ee50f359b7548da21a77b52942a07e6f97

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
17/04/2024, 20:21

Target

$PROGRAM_FILES/Baidu/Toolbar/BaiduBarX_Tmp/BaiduBarX.dll
Size

991KB
MD5

f1f20db0bdf5f5ab4580d1b858a206a2
SHA1

45bb35f0e7c7cde01a91b6098c081e6029c5770e
SHA256

23d813802cdc03af3fd198186528c074c259eec88e034850a31acd7a6be91943
SHA512

1f25c731efe052cc19cb63ce9069cf08f39c83dfa793407217d8f19be3471b746e26b4728e88056e55b1f30741619fce4ecaa9e3f315d3bb6104be451e84b6b5
SSDEEP

24576:KQYY1Sqcx0Zq7loVPU/uAQgTdV+Lb8dzh6cG9a0+gt6kprMzwxXx6:KY470bLUv62Xa2mXs

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2184 wrote to memory of 2216	2184	rundll32.exe	28
PID 2184 wrote to memory of 2216	2184	rundll32.exe	28
PID 2184 wrote to memory of 2216	2184	rundll32.exe	28
PID 2184 wrote to memory of 2216	2184	rundll32.exe	28
PID 2184 wrote to memory of 2216	2184	rundll32.exe	28
PID 2184 wrote to memory of 2216	2184	rundll32.exe	28
PID 2184 wrote to memory of 2216	2184	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PROGRAM_FILES\Baidu\Toolbar\BaiduBarX_Tmp\BaiduBarX.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2184
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PROGRAM_FILES\Baidu\Toolbar\BaiduBarX_Tmp\BaiduBarX.dll,#1
  2⤵
  PID:2216