fcb7deadf5624935d8d694846aae541f192d6aa5d30411f3398d72bbb134576c

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
27-11-2024 10:02

Target

ProjectXOX/updater/libcurl.dll
Size

532KB
MD5

8da7e810e0f12b16fe6087aadda7a69c
SHA1

e76539074da170bf52a9cc06863ff8cb498c76e6
SHA256

79f567797066f6206ea870ffda11cf92612aea0ee3a26582be38ddd0fd51fa53
SHA512

7d9d40e501c9128cb81af785091aaca60b8b92af57a69f1f498bd810431e3521f9431161f8c3e4061b7e0ba2c3dfc8034e66bc4c05f5e39941623b04d367775d
SSDEEP

6144:y6NI7/hgoJrPOkFVuW6ZoiPPnk/9AAQIPGBxTShA9ZvT6QKob6LHywHFE1P+wTt4:u/ZhPxVOdk/4IPETvzhHuzE1P+wTt4

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	Process	procid_target
PID 2016 wrote to memory of 2148	2016	rundll32.exe	30
PID 2016 wrote to memory of 2148	2016	rundll32.exe	30
PID 2016 wrote to memory of 2148	2016	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ProjectXOX\updater\libcurl.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2016
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2016 -s 96
  2⤵
  PID:2148