19ce3f5440bf133ce86f20aa568cdcf56e829876d72b8cf5365dac72e418144b

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
08-07-2024 08:55

Target

$PROGRAM_FILES/Baidu/Toolbar/BaiduBarX_Tmp/BaiduBarX.dll
Size

594KB
MD5

e22d30ccd9508fa74d90dc953221f7fd
SHA1

0ce0a4931c505c4b256864ba3238b33b4d95c957
SHA256

1bf27dc3a21a481abaa141d1a15998e8d07145a17fd803f71bb39adaa17fbedd
SHA512

90bf0f9f1110f7548fea5c9898a2f682e58d396761f38c238583fe7e946e81917e43561b1fa796b686f2d37b7230a8c66b0e090a398a10610d6e1d31b860eade
SSDEEP

12288:XxydaRCcRiEmsnoX0WMU2lK/ICL3HAeSTzZbDTv6s6TcevUGTF1ZDNicx5CIWgNO:3VRiEmYokEYK/IGHWzt03TTm

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2976 wrote to memory of 1200	2976	rundll32.exe	30
PID 2976 wrote to memory of 1200	2976	rundll32.exe	30
PID 2976 wrote to memory of 1200	2976	rundll32.exe	30
PID 2976 wrote to memory of 1200	2976	rundll32.exe	30
PID 2976 wrote to memory of 1200	2976	rundll32.exe	30
PID 2976 wrote to memory of 1200	2976	rundll32.exe	30
PID 2976 wrote to memory of 1200	2976	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PROGRAM_FILES\Baidu\Toolbar\BaiduBarX_Tmp\BaiduBarX.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2976
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PROGRAM_FILES\Baidu\Toolbar\BaiduBarX_Tmp\BaiduBarX.dll,#1
  2⤵
  PID:1200