1b49d9224bd1ad3a0ba5f6ef2f9c73720fde1d68af43885919c253435aeb0baa

Analysis

max time kernel
300s
max time network
306s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
20/05/2024, 00:40

Target

Kiwi X External/runtimes/win-x86/native/onnxruntime.dll
Size

11.2MB
MD5

d27ed59a246246755d83e24d9353f097
SHA1

dd9a53b5e02a48914285d2299a81d465fbb2f42e
SHA256

add0f3e61da2e80773969eb6d0d68defa746bf490bce9b3a5f0776d66e1a6e57
SHA512

1703bb63c1ec1c172d96d24d64d4969f607998054109caff2cbd03adf99b6b16a9bc94bb88b21f2e6735a4f43afecad5531e21fbc83d64e0aeba2a81b8b093ee
SSDEEP

196608:3E0wZ5WMdyZ6FA2Xl7bwkh2X7VbYUazxdk/kKpfta7ybevwW3/Ojg548AcPH+5:3bwZ5WMdys717bwkh2pYUazxdk/kWlK4

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4660 wrote to memory of 3324	4660	rundll32.exe	84
PID 4660 wrote to memory of 3324	4660	rundll32.exe	84
PID 4660 wrote to memory of 3324	4660	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Kiwi X External\runtimes\win-x86\native\onnxruntime.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4660
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Kiwi X External\runtimes\win-x86\native\onnxruntime.dll",#1
  2⤵
  PID:3324