2dc4c306da01adebbc2304f3d82d009bc3ca4a097209e4f6dd5400ef4f93cbc8

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24-05-2024 04:54

Target

HShield/MapleStory.exe
Size

3.7MB
MD5

a4876687ffc82b1898bdb7e4f9f08f93
SHA1

5852b32a4f8c029e7f830a4a76f1b9d0e5e58412
SHA256

5d280cf1c5663e925104736e73e5715a5a529d25420babf410cc411b37940f4d
SHA512

1382a742aa6db390edfacab700161297334310800b949d49f70aec683df470c326fae260a4b65580e74e5054b605cc64b60480d9e28f3f89c9b579eeee2d974d
SSDEEP

98304:pCbYhxqt2eaKanM1zdDOGtrCiobS58NR8kJ1esC:p+Yfg2igMdDOaCif8N+kJtC

Score

1^/10

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2880 wrote to memory of 2932	2880	MapleStory.exe	28
PID 2880 wrote to memory of 2932	2880	MapleStory.exe	28
PID 2880 wrote to memory of 2932	2880	MapleStory.exe	28
PID 2880 wrote to memory of 2932	2880	MapleStory.exe	28

C:\Users\Admin\AppData\Local\Temp\HShield\MapleStory.exe
"C:\Users\Admin\AppData\Local\Temp\HShield\MapleStory.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2880
- C:\Windows\System32\pcaui.exe
  "C:\Windows\System32\pcaui.exe" /g {11111111-1111-1111-1111-111111111111} /x {b7f60cfa-b5e1-49c6-b664-4e41ad8d01ae} /a "Maple story" /v "Wizet" /s "Maple story is incompatible with this version of Windows. For more information, contact Wizet." /b 1 /e "C:\Users\Admin\AppData\Local\Temp\HShield\MapleStory.exe"
  2⤵
  PID:2932

memory/2880-0-0x0000000000400000-0x0000000000DDA000-memory.dmp

Filesize
9.9MB

Download