c5a44b3d265b10212fe02cc581453d1fe751d30091282e1e2217c73ab196a232

Analysis

max time kernel
118s
max time network
129s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
03-07-2024 15:00

Target

resources/app/PKVSKeyChecker_protected.dll
Size

1.5MB
MD5

9d9a5510ce95e78cc0e1ab6895a6dc34
SHA1

5e01b0f6edab0431612e8dbe591a131c74bba074
SHA256

3a864ebfa9221563136da3324a863de9e568620669de9e4befbf5778e196670d
SHA512

715a1b5af3aa11ca35757e37a03a0c6466bc3f05b84abba1f804221bbd18f33c92def1161e839f0ef9eca6d16ecde216222e040c6a9c168700f8407260301658
SSDEEP

49152:KLvMiUFBP3w3VUzZMRE3O0JKOgCUYqZEAm010vKN0j:KNW4FoOREOqKOgjYqZEs1qKN0j

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	Process	procid_target
PID 1464 wrote to memory of 3040	1464	rundll32.exe	28
PID 1464 wrote to memory of 3040	1464	rundll32.exe	28
PID 1464 wrote to memory of 3040	1464	rundll32.exe	28
PID 1464 wrote to memory of 3040	1464	rundll32.exe	28
PID 1464 wrote to memory of 3040	1464	rundll32.exe	28
PID 1464 wrote to memory of 3040	1464	rundll32.exe	28
PID 1464 wrote to memory of 3040	1464	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\resources\app\PKVSKeyChecker_protected.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1464
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\resources\app\PKVSKeyChecker_protected.dll,#1
  2⤵
  PID:3040

memory/3040-0-0x0000000074600000-0x0000000074791000-memory.dmp

Filesize
1.6MB

Download
memory/3040-1-0x0000000074460000-0x00000000745F1000-memory.dmp

Filesize
1.6MB

Download