fbe07d1afd27ab353daa2afacc2de87d8f5ec69f64bbd9246f31ebfe1731de9b

Analysis

max time kernel
359s
max time network
363s
platform
windows7_x64
resource
win7-20240215-es
resource tags

arch:x64arch:x86image:win7-20240215-eslocale:es-esos:windows7-x64systemwindows
submitted
22-04-2024 19:58

Target

$TEMP/PCSX2 1.6.0/Plugins/GSdx32-SSE2.dll
Size

2.1MB
MD5

3b3ddfa31e1553fae90afc2e619aea99
SHA1

e7c71f54ae27a279e2b1cb3fccfbd1faa0532082
SHA256

f26bb9c0c23a2a8a79d7afc96389fb4320dbbf51c3c2bd30d0baac85d8221c00
SHA512

1cb06558b569ec5373335873fd3957015b177adc435ca6ac4a5a037dc57dd9d55eac2d627b4761d7b969523419f95458058e3feba7823a1ce824d9e4a1b27068
SSDEEP

49152:qfagEfo5KFfBjb6w9ITrkqI0Rj+60kJVi10M03IvPJ60JU0WJ461N:qHEf4WBP6wy

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2240 wrote to memory of 2892	2240	rundll32.exe	rundll32.exe
PID 2240 wrote to memory of 2892	2240	rundll32.exe	rundll32.exe
PID 2240 wrote to memory of 2892	2240	rundll32.exe	rundll32.exe
PID 2240 wrote to memory of 2892	2240	rundll32.exe	rundll32.exe
PID 2240 wrote to memory of 2892	2240	rundll32.exe	rundll32.exe
PID 2240 wrote to memory of 2892	2240	rundll32.exe	rundll32.exe
PID 2240 wrote to memory of 2892	2240	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\$TEMP\PCSX2 1.6.0\Plugins\GSdx32-SSE2.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2240
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\$TEMP\PCSX2 1.6.0\Plugins\GSdx32-SSE2.dll",#1
  2⤵
  PID:2892