c8a68963ab7c417d7ac0f421a40441e420340806731d0b0b1c0618077bba232c

Analysis

max time kernel
13s
max time network
35s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/05/2024, 04:28

Target

Self Defense Dojo 1.95/baselib.dll
Size

395KB
MD5

42c6e4fddb289bb719283b0fd6d7648d
SHA1

8ee4c11528b9fb77970ac4db08bda42dcfb61361
SHA256

d1c97e512e2d56d3594ca4745b433a5d2ab54d9e1281f34b850a102e0bcf4ebe
SHA512

241fab23a2706f50137b8b5bf3c78af326e7d27316a4f8030e943bcf10587216b6f9b45433e71e311f1d3289cf7395067d54e7a28d0ade0a6a078525742ef5c7
SSDEEP

6144:TmLYuq1+dNhJ6d0BNxcHqT4PxAVsyyhcm7vv78sdTW4FYVXpy3XVvfBHQ:yYuamvq+GyYoGdb1u

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1500 wrote to memory of 2060	1500	rundll32.exe	28
PID 1500 wrote to memory of 2060	1500	rundll32.exe	28
PID 1500 wrote to memory of 2060	1500	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Self Defense Dojo 1.95\baselib.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1500
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1500 -s 80
  2⤵
  PID:2060