66745a4257b713585ce8e7b16edd8ae00d247f713ad6ea02dc4c39ef94b8c677

Resubmissions

28-05-2024 10:29

max time kernel
145s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
28-05-2024 10:29

Target

swiftshader/libEGL.dll
Size

366KB
MD5

b14e9a3b571cebb2db5eb64d5274b4e5
SHA1

3a30a13a61f2188c68ffeb83095279aca832eaff
SHA256

998ad01a7ad339373e499cc654a033be61b3796eab8880f34d453bbb774e318a
SHA512

5e1fa9c35ae896393840572f1bcaf26ff18a1d9aafc3504e8a6a1029a0f3e336e8ca06f07ad37371af690989fc4df174f721e9afe7ba7e00e13cbebbb520e808
SSDEEP

6144:M0xXgHVFDxkm2nh/nyce87Xi4dlwhNEkqZCC9uZaWPJqSpdZgO2J4+b2T:Lh/Ze87Xi4dCC1uZaeZxn

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2744 wrote to memory of 436	2744	rundll32.exe	83
PID 2744 wrote to memory of 436	2744	rundll32.exe	83
PID 2744 wrote to memory of 436	2744	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\swiftshader\libEGL.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2744
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\swiftshader\libEGL.dll,#1
  2⤵
  PID:436