bab8b5e74ab7210b030316dd5685f3fdcceac35bd3b3a90e5dd01592f8abb630

Analysis

max time kernel
129s
max time network
138s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
23-06-2024 13:01

Target

NursultanNextgen2024/lwjgl_opengl.dll
Size

7.4MB
MD5

e669283790077343477be2e0a7578891
SHA1

5b6e41b930aedcc1f6ccd9301448e6c0eacc1315
SHA256

b11625c73e8ef0f76058b2ef7d7f09dc3453988eba227e9d7b2310eea923d7a9
SHA512

f81376c9727614d12a1825c71b93024ff9659822f6dc8f660277e85467081e1755ced1e53241d6009b09214c5f7fd0cfab47383bb6a42077757b0bd1cd2fa71b
SSDEEP

98304:8mg7qz9u16T8R2y1fUv50DKKNUqGX1Y5l533y9SSFr32W3:8vqRu16T8RpfSaDKKNUqGX032z3Z3

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1292 wrote to memory of 1684	1292	rundll32.exe	rundll32.exe
PID 1292 wrote to memory of 1684	1292	rundll32.exe	rundll32.exe
PID 1292 wrote to memory of 1684	1292	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\NursultanNextgen2024\lwjgl_opengl.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1292

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\NursultanNextgen2024\lwjgl_opengl.dll,#1
2⤵
PID:1684