a1deea5812fdb37484daaa06accdd2040f8a3af12a66498dd7c02eb69335b49a

Analysis

max time kernel
122s
max time network
133s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
05-07-2024 04:16

Target

mods/UpscalerBasePlugin/nvngx_dlss.dll
Size

51.2MB
MD5

217f4069e44c162769bd6f188aa3c8bd
SHA1

e254fca04209541bdee33655316c9c4bcf976c00
SHA256

085c955f29d1e789a3713674d139961e9e685bb6f65b8911bd450984139c8c9e
SHA512

2ba6b312feb731f9e94690acd9426ec080e130de4c416066d71109e164fee11099c5377ae6f5ced8cf100db10487d86d867105be30ef193c771a87f3f65f3393
SSDEEP

1572864:5sJJs/Ku0LsJJs/Su0TXwsRiTmMQEamlvzRQYET+2DG2V/Q:sC/Ku0KC/Su0TXwKy6tCRQ7T++G2V/Q

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 304 wrote to memory of 1304	304	rundll32.exe	30
PID 304 wrote to memory of 1304	304	rundll32.exe	30
PID 304 wrote to memory of 1304	304	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\mods\UpscalerBasePlugin\nvngx_dlss.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:304
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 304 -s 88
  2⤵
  PID:1304