b70f4b1ebc2369923141cfc9fef91fc61080aa7765077c71ade76ac649010ab7

Analysis

max time kernel
32s
max time network
37s
platform
windows10-2004_x64
resource
win10v2004-20240704-es
resource tags

arch:x64arch:x86image:win10v2004-20240704-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
08/07/2024, 17:36

Target

steam_api.dll
Size

694KB
MD5

837a65208b1c41cda4298e6103d8b5a3
SHA1

1d3bc8e45958c10fefa63ef3e5f288a619cb3a09
SHA256

b70f4b1ebc2369923141cfc9fef91fc61080aa7765077c71ade76ac649010ab7
SHA512

7fc846e0396e0417969f26cee86fe5b6e827d1cd7dc686572b4a3e005345d5e6ef96ee751d141316003fbdc9aa720cf4b3a90996311681b00ebe71a62b4b1da8
SSDEEP

12288:mZpCEnfTutMAVymgpCZ5108aEJd2w2fSs2xt3GkxeLgcbJyf/APo/8F/fQpDl5Aq:MCZ5108zJd2w2fSs233GkxeLgcbJyf/T

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1316	2908	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3880 wrote to memory of 2908	3880	rundll32.exe	82
PID 3880 wrote to memory of 2908	3880	rundll32.exe	82
PID 3880 wrote to memory of 2908	3880	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\steam_api.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3880
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\steam_api.dll,#1
  2⤵
  PID:2908
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 632
    3⤵
    - Program crash
    PID:1316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 2908 -ip 2908
1⤵
PID:3928

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1672