c5a44b3d265b10212fe02cc581453d1fe751d30091282e1e2217c73ab196a232

Analysis

max time kernel
141s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
03-07-2024 15:00

Target

resources/app/PKVSKeyChecker_protected.dll
Size

1.5MB
MD5

9d9a5510ce95e78cc0e1ab6895a6dc34
SHA1

5e01b0f6edab0431612e8dbe591a131c74bba074
SHA256

3a864ebfa9221563136da3324a863de9e568620669de9e4befbf5778e196670d
SHA512

715a1b5af3aa11ca35757e37a03a0c6466bc3f05b84abba1f804221bbd18f33c92def1161e839f0ef9eca6d16ecde216222e040c6a9c168700f8407260301658
SSDEEP

49152:KLvMiUFBP3w3VUzZMRE3O0JKOgCUYqZEAm010vKN0j:KNW4FoOREOqKOgjYqZEs1qKN0j

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	Process	procid_target
PID 884 wrote to memory of 3068	884	rundll32.exe	79
PID 884 wrote to memory of 3068	884	rundll32.exe	79
PID 884 wrote to memory of 3068	884	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\resources\app\PKVSKeyChecker_protected.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:884
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\resources\app\PKVSKeyChecker_protected.dll,#1
  2⤵
  PID:3068

memory/3068-0-0x0000000074D30000-0x0000000074EC1000-memory.dmp

Filesize
1.6MB

Download