a13fad0d43b3db3b1f78118c3591a42cca0ed4373414ed82f2351719b2901b92

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
26-05-2024 06:00

Target

Triworks/乐音 3.0 (Demo)/ltkrn11n.dll
Size

348KB
MD5

efcc6e211d6ca550f0032c5798b46352
SHA1

9489dbd676673bc6069c9aac15521c7bc9f0802d
SHA256

28451bdae5650563989dea734d6d6fc3abe6bcb71c3e6663f750419fbe59c746
SHA512

e4126a0a64d0244f55cd324cc373b3370480eeac84d08a650cc13970940fae36e5c348626ff3af95665521129d1857d23475e0617fd40570e18617525cc9f3eb
SSDEEP

6144:dn+TTB2FuWBOLEGEKc5j8ORT9R4BsWiKwzmiw0LKF3WW:d+VcpL9R4BsJKIw0OmW

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1732 wrote to memory of 344	1732	rundll32.exe	rundll32.exe
PID 1732 wrote to memory of 344	1732	rundll32.exe	rundll32.exe
PID 1732 wrote to memory of 344	1732	rundll32.exe	rundll32.exe
PID 1732 wrote to memory of 344	1732	rundll32.exe	rundll32.exe
PID 1732 wrote to memory of 344	1732	rundll32.exe	rundll32.exe
PID 1732 wrote to memory of 344	1732	rundll32.exe	rundll32.exe
PID 1732 wrote to memory of 344	1732	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Triworks\乐音 3.0 (Demo)\ltkrn11n.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1732
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Triworks\乐音 3.0 (Demo)\ltkrn11n.dll",#1
  2⤵
  PID:344