a13fad0d43b3db3b1f78118c3591a42cca0ed4373414ed82f2351719b2901b92

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
26-05-2024 06:00

Target

Triworks/乐音 3.0 (Demo)/lfbmp11n.dll
Size

36KB
MD5

ac6b78d94a95af60f64d640e9b1329c0
SHA1

7b45630492efa146d7f084602ef87e01c8d981e3
SHA256

03bac579951f545c8c9ec1c046233bcc64ae4bfbcdf8dcb24a707b9a5700fe20
SHA512

c72877561d91583bbe27da144b8c493fd62bade481e19b542a2f49aff854134d02cad35a98ee6b5b6ba040d109a825b75f757b48c3e9b7aa4b26b778b29a18ca
SSDEEP

768:PGMomi0cW4NOGNzWa2lSMAvXjO74vT0KKbQ1Rnpy9c4hJHxh:O3mi0cW4OGNzWa2ltAvy7MT02Rno9cO9

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2288 wrote to memory of 2052	2288	rundll32.exe	rundll32.exe
PID 2288 wrote to memory of 2052	2288	rundll32.exe	rundll32.exe
PID 2288 wrote to memory of 2052	2288	rundll32.exe	rundll32.exe
PID 2288 wrote to memory of 2052	2288	rundll32.exe	rundll32.exe
PID 2288 wrote to memory of 2052	2288	rundll32.exe	rundll32.exe
PID 2288 wrote to memory of 2052	2288	rundll32.exe	rundll32.exe
PID 2288 wrote to memory of 2052	2288	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Triworks\乐音 3.0 (Demo)\lfbmp11n.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2288
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Triworks\乐音 3.0 (Demo)\lfbmp11n.dll",#1
  2⤵
  PID:2052