6b7a2f8a543ed3ce00006945986f197392d004d8a970aa41bfe3dc3a81c936cc

Analysis

max time kernel
16s
max time network
17s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
11/07/2024, 23:29

Target

[cheat-project.com] WinJect 1.7 2009-05-02/skype.dll
Size

56KB
MD5

cfa6d4900586b033a8ef4eb4c00977cd
SHA1

bc8c3f3bb8af9b1f21caedc1a7f01e9641ba4e2a
SHA256

90cc2fa7f1247efacc17cce6ff3f333a908715fb0edf32a18ec68653cd5e75ae
SHA512

a5f5ece284e50e11a1dd706a1748283249b27c409e78f37e95cae0999e6c845fc7306988d23113756036a65203f47f1582ad5e397aa01e4d95b122941935f2eb
SSDEEP

768:hnqmbG+dse6TTj59M85Syk79T2Z9XFLkWovx7:h3Gyse6TTjSRiZ91Vovx7

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1212 wrote to memory of 1940	1212	rundll32.exe	30
PID 1212 wrote to memory of 1940	1212	rundll32.exe	30
PID 1212 wrote to memory of 1940	1212	rundll32.exe	30
PID 1212 wrote to memory of 1940	1212	rundll32.exe	30
PID 1212 wrote to memory of 1940	1212	rundll32.exe	30
PID 1212 wrote to memory of 1940	1212	rundll32.exe	30
PID 1212 wrote to memory of 1940	1212	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\[cheat-project.com] WinJect 1.7 2009-05-02\skype.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1212
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\[cheat-project.com] WinJect 1.7 2009-05-02\skype.dll",#1
  2⤵
  PID:1940

memory/1940-1-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1940-0-0x0000000010001000-0x0000000010002000-memory.dmp

Filesize
4KB

Download