34c35e5e18354f9e459e792a3f8bb40af5b18787f0461078ba563b5d49aa6292

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
21-07-2024 22:32

Target

Clanwar1.0/CWBase.dll
Size

232KB
MD5

57c74a95f655d746b74b981736b072ca
SHA1

13e48f46e2665df7c1de71610f60889c4d563c66
SHA256

e7d01a944a03e21c344b0eb8ed660c968f652b684560dbb1dbf32935016c73de
SHA512

02efbd97092c50dbf634665940df2d02a6a77f409f0294b620b8d8f894d6f621d458e86ecac3f6062b8e3127ed243e6396c3fb15f9bf3df3f88daf428d4f718e
SSDEEP

6144:V4Y4gMFhpRdS6utRgQLgZ7YGGyo9Ej2SJfgJNmniwWBbLd0AK3LOKAoLfeR:V4Y4gMFhXdSVtStIl9Ej2SJfgJNmnil7

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3076 wrote to memory of 1916	3076	rundll32.exe	85
PID 3076 wrote to memory of 1916	3076	rundll32.exe	85
PID 3076 wrote to memory of 1916	3076	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Clanwar1.0\CWBase.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3076
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\Clanwar1.0\CWBase.dll,#1
  2⤵
  PID:1916