041fc3abf8578ddcead5a8c4a8be8960b7c4d45b21d3370ee2683605e86a728c

Analysis

max time kernel
141s
max time network
128s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
29/08/2024, 14:01

Target

scrcpy-win64-v2.6.1/libusb-1.0.dll
Size

214KB
MD5

ed36aa73c5156fdc6dcf4d8841a88122
SHA1

2edb73b0b8241ae8c3e27bb0dd30a87e6ebb6790
SHA256

2d82fce7d8e745084770e51eeee29bf67fa24e76b83fcec886ae51f5c93cf3cb
SHA512

8d1be09242052b250f9cc834a219012a163e566906b5b229613e934182d35bdc965a1dfd32a714cb538965d8f587ff94d9486c9aef8b50da4f62b17375cfda18
SSDEEP

3072:Qn7BMiA/L4IA7m4K30ch+TgNrum0ib9FTnZD1yW9Du+E1YeRz6ZvZ/tKausV0Bf9:QyP/Q1KT0iVXD7AOZvZbyBYP3W

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1624 wrote to memory of 1496	1624	rundll32.exe	30
PID 1624 wrote to memory of 1496	1624	rundll32.exe	30
PID 1624 wrote to memory of 1496	1624	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\scrcpy-win64-v2.6.1\libusb-1.0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1624
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1624 -s 84
  2⤵
  PID:1496

memory/1624-0-0x000007FEFB220000-0x000007FEFB25E000-memory.dmp

Filesize
248KB

Download