e1a876852a42d221b5bb7a2d934e50c31d2006f9df258dab589b0078cc6c63f3

Analysis

max time kernel
93s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
18-04-2024 19:55

Target

GamePingBooster/SQLite.Interop.dll
Size

1.2MB
MD5

eaebd32500264123ef3f2a4cd2aee629
SHA1

ee7976940c545759bbb0a0047f0fa6cd970c30f5
SHA256

a7f95a7eed84db9cf419c03a7c05231fdedf3a042fd10259e6938eedbda3a1ac
SHA512

fcfdf839d7bfa920483314e3e3ab0b0c83669883a6c5c7abd5966fd7ca14940bb07dab219dc22031941e4155b2f4fc7bd8fb76c639b191dce052df7f537da62b
SSDEEP

24576:RKE4r0RaYdKYR7KtLqUmZRDiJC7Z2CQiQYZh5YAIQLs:8hr0RZ5RGtA0KpcYZ8tEs

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4264 wrote to memory of 468	4264	rundll32.exe	rundll32.exe
PID 4264 wrote to memory of 468	4264	rundll32.exe	rundll32.exe
PID 4264 wrote to memory of 468	4264	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\GamePingBooster\SQLite.Interop.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4264
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\GamePingBooster\SQLite.Interop.dll,#1
  2⤵
  PID:468