542d656217c286d03d129b00deca31d183aad356d7460d5b36496713f5fe961f

Resubmissions

30-05-2024 18:48

30-05-2024 18:28

max time kernel
315s
max time network
1591s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
30-05-2024 18:48

Target

Garrys_Mod.exe
Size

212KB
MD5

3f13ea0edea4c1e2971cdc9c37c64c02
SHA1

44b30d73c361c4bc4e4171901610ab832abcc137
SHA256

542d656217c286d03d129b00deca31d183aad356d7460d5b36496713f5fe961f
SHA512

9a8cfe7472c5b1e8b98ebd6365b14d5f25a46fa0ca527ddfd9c31fecfc2bd14a5aa880d7f6d5a538708a202d452fdcb18298678ce99ffe3855c1d9d3f70b2e47
SSDEEP

3072:7aWvUnoRyS6AgJvVR/p4p0OkK/1o8TBziXMjvgXCCHYnfsb7Khwk8G:ukUnObwq5ak

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4296	revLoader.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1108 wrote to memory of 4296	1108	Garrys_Mod.exe	72
PID 1108 wrote to memory of 4296	1108	Garrys_Mod.exe	72
PID 1108 wrote to memory of 4296	1108	Garrys_Mod.exe	72

C:\Users\Admin\AppData\Local\Temp\Garrys_Mod.exe
"C:\Users\Admin\AppData\Local\Temp\Garrys_Mod.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1108
- C:\Users\Admin\AppData\Local\Temp\revLoader.exe
  revLoader.exe -launch hl2.exe -steam -game garrysmod -appid 4000 -novid
  2⤵
  - Executes dropped EXE
  PID:4296

C:\Users\Admin\AppData\Local\Temp\revLoader.exe

Filesize
33KB

MD5
745125c8412cd39ce9de841c7ba79147

SHA1
ccb0a99600a1dfea96fd96f635cc6c6fb091162d

SHA256
5649ecb18a7668d6fa768ca28bface5a5e89ea908950a20ed1cd1b2c1a9a9d76

SHA512
e38d61255e49a160d748c4f51f6d891abf4bb7b3967b771e26120b88f7ceb3071355627a7205697e7075ed5ccc598ee0c69c5b8d969fe9183478f8dbfcedbf07

Download Submit
memory/1108-5-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download