a4b64722382a67b8b540590ea4e993cee5e7e60b46f46778145d88da7369c7bb

Analysis

max time kernel
120s
max time network
133s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
20/06/2024, 17:07

Target

DiscordBoostTool v1.35.0/GoSrp.dll
Size

2.3MB
MD5

b1e99d702b0324e19b8cdc5aa8c9cd2e
SHA1

1473b708f7c516dc31612c74cb773396f3f7ca93
SHA256

e2a69763eb347b86c5426a5028650388be585df43cbf03beb576acd095038296
SHA512

3afec80909a88ffa8a760c6b156e998504f148455bf514512bc8812e390c59835e9a8cce57b041154c894915e47c40750eab66d84c4d7eb1f0257cf177481442
SSDEEP

24576:Z3rEK7jLQfvtqvZ8UaqvFbK8qUhk8GJXiV6doA+4MHPEBm3KXUQwFAR8YtVrm7C8:ZQdkK8qU6BWStV+Cz8MVZ69rF1Mr3iHr

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2072 wrote to memory of 2560	2072	rundll32.exe	28
PID 2072 wrote to memory of 2560	2072	rundll32.exe	28
PID 2072 wrote to memory of 2560	2072	rundll32.exe	28
PID 2072 wrote to memory of 2560	2072	rundll32.exe	28
PID 2072 wrote to memory of 2560	2072	rundll32.exe	28
PID 2072 wrote to memory of 2560	2072	rundll32.exe	28
PID 2072 wrote to memory of 2560	2072	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\DiscordBoostTool v1.35.0\GoSrp.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2072
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\DiscordBoostTool v1.35.0\GoSrp.dll",#1
  2⤵
  PID:2560

memory/2560-0-0x0000000074740000-0x00000000749B9000-memory.dmp

Filesize
2.5MB

Download