193fc6d31895e5009388822323aa1ba1f2361b0f30700537e7b97a0fd5b93064

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
25/06/2024, 12:15

Target

DVD.X.Studios.CloneDVD.v4.0.14.549-TE/Crack/Configure.dll
Size

265KB
MD5

58553c1376021c72ef4adbf5d550fe7c
SHA1

96bfb3bbd118a387be6f2211d12e34e01df0dd92
SHA256

cea783dda3999dd2a3235ba2d5488678d78ffef98ef770fb8dc94426177047cf
SHA512

8ebcefcadd1e61929d41b06bfe04fb525f56114585f0f18a3e0b737b714e972de30b4d699db44b1c5a3f21b0dcdc9047cdbc9dd63eda454896543c1bc97b5c56
SSDEEP

6144:FOk1dBQKCW3e0dZfFgCZTdsmnElkA4hf9h1ZqHQ7:FOMt1dTdxGmnOkfhf9h1ZqHQ7

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1992 wrote to memory of 1672	1992	rundll32.exe	28
PID 1992 wrote to memory of 1672	1992	rundll32.exe	28
PID 1992 wrote to memory of 1672	1992	rundll32.exe	28
PID 1992 wrote to memory of 1672	1992	rundll32.exe	28
PID 1992 wrote to memory of 1672	1992	rundll32.exe	28
PID 1992 wrote to memory of 1672	1992	rundll32.exe	28
PID 1992 wrote to memory of 1672	1992	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\DVD.X.Studios.CloneDVD.v4.0.14.549-TE\Crack\Configure.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1992
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\DVD.X.Studios.CloneDVD.v4.0.14.549-TE\Crack\Configure.dll,#1
  2⤵
  PID:1672

memory/1672-0-0x0000000060700000-0x000000006075D000-memory.dmp

Filesize
372KB

Download
memory/1672-1-0x0000000060700000-0x000000006075D000-memory.dmp

Filesize
372KB

Download
memory/1672-2-0x0000000060700000-0x000000006075D000-memory.dmp

Filesize
372KB

Download
memory/1672-4-0x0000000060700000-0x000000006075D000-memory.dmp

Filesize
372KB

Download
memory/1672-3-0x0000000060726000-0x0000000060727000-memory.dmp

Filesize
4KB

Download
memory/1672-5-0x0000000060700000-0x000000006075D000-memory.dmp

Filesize
372KB

Download
memory/1672-11-0x0000000002290000-0x00000000022D0000-memory.dmp

Filesize
256KB

Download
memory/1672-10-0x0000000002440000-0x0000000002441000-memory.dmp

Filesize
4KB

Download
memory/1672-9-0x0000000000B00000-0x0000000000B01000-memory.dmp

Filesize
4KB

Download
memory/1672-8-0x00000000021F0000-0x00000000021F1000-memory.dmp

Filesize
4KB

Download
memory/1672-7-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/1672-6-0x00000000001A0000-0x00000000001A1000-memory.dmp

Filesize
4KB

Download
memory/1672-12-0x0000000002290000-0x00000000022D0000-memory.dmp

Filesize
256KB

Download