8fe71fbb3d8e60f42a4199c7c667c61bfcfe3bdaece1fb6b92f5aec85313359d

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:07

Target

《刺客信条：枭雄》PC版全版本通用破解补丁/Crack/bink2w64.dll
Size

409KB
MD5

23c2a0efd9c074a18ae34b8f4da1c80e
SHA1

366b1b6e4c60061a1185e74c8cb590659bce71e3
SHA256

b346ef15ea015fa77a6deef2fa132d81f72350c21f4ef69360c74e9c9fda0cb9
SHA512

2962b4a9612fd0118e8ed95e711fb8e8390466853b56360281bcefe439dc10c40671391fb7ec0ad791b04f9b15c2e78009601521704e0bf5af77ea947cee6a4c
SSDEEP

6144:kaOvGuRd+kX847b5CK3yy/bwsRJ1N127N7KR0ZX2hlvytVf83e4SqfHeN3R5VbCl:khF/fbjlJrR4XYsVf54SqfifV9K+Ry

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1664 wrote to memory of 2024	1664	rundll32.exe	WerFault.exe
PID 1664 wrote to memory of 2024	1664	rundll32.exe	WerFault.exe
PID 1664 wrote to memory of 2024	1664	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\《刺客信条：枭雄》PC版全版本通用破解补丁\Crack\bink2w64.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1664

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1664 -s 120
2⤵
PID:2024