385267a11cc318a791e7a74bf78f673ebbaec9fbec431f2dd796ffbdbb18a350

Resubmissions

21-11-2024 12:22

21-11-2024 12:19

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
21-11-2024 12:19

Target

citra-windows-msvc-20240927-608383e\avcodec-60.dll
Size

12.2MB
MD5

5c9a91c44c5646c0d7d2ee4cf990cb5f
SHA1

65c34751b36fab3d4bdf6e79e34d1e9ad50c3291
SHA256

639f445c807dfef8a42a5e1bc0b1a19f82fcf2523b46820c60465bd47d8e47a5
SHA512

11f227a0431451e15426e5fd34fcdb69096f50d589762e2f17ff834b32f70d5305c5e707eb61efe07740f2f001405c905a7ebaf5b0e91b4b040a8b14062ede3d
SSDEEP

196608:e2OMOKj4vW05k0p0jNIFMPqsucQ32fOh+ae:wMDjF067WfsucQ328M

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2384 wrote to memory of 2300	2384	rundll32.exe	30
PID 2384 wrote to memory of 2300	2384	rundll32.exe	30
PID 2384 wrote to memory of 2300	2384	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\citra-windows-msvc-20240927-608383e\avcodec-60.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2384
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2384 -s 128
  2⤵
  PID:2300