dfca2f1a842aea69a2b0a22ca66fa7852f86259e3da4f576f8ae7fa16f1e9134

Analysis

max time kernel
138s
max time network
157s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
08-07-2024 09:22

Target

vk_swiftshader.dll
Size

3.7MB
MD5

18bc68ed1dcefde92428e5b4cc2246f1
SHA1

97f9fefa4a0c618f37e1491483defbf16c70195a
SHA256

8009ded51b17019463525af3e10c184a49e9521f8ec706e2a17a54a24fa93178
SHA512

1ce3c365728c74e9a557453050ed610a3352f81f097bb8a73332426ed99b6607f121642f05c3fdc6a915ec5e9d34c98dec1a996c3e8d12b14b10ada46d20a4cf
SSDEEP

49152:SKgU60a1sbzeSHW6Hqqv+F7b0+OXbAKblaX2Zdvf8UUpJXYQSHqIyQGSgkh1CQdb:XQ0j/HqLcl/lTZLWV3sU0BjXl

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2576 wrote to memory of 2836	2576	rundll32.exe	rundll32.exe
PID 2576 wrote to memory of 2836	2576	rundll32.exe	rundll32.exe
PID 2576 wrote to memory of 2836	2576	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\vk_swiftshader.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2576

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\vk_swiftshader.dll,#1
2⤵
PID:2836