90288d98114cb4ceda26d75040725e0bfa68b043c56566aae3429cbca9888ff6

Analysis

max time kernel
47s
max time network
52s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
19/09/2022, 14:41

Target

90288d98114cb4ceda26d75040725e0bfa68b043c56566aae3429cbca9888ff6.dll
Size

101KB
MD5

6f70cc1752158d41f06f92320a6544ea
SHA1

10e0267354c69cee8520ac2e2b1e1b6199824160
SHA256

90288d98114cb4ceda26d75040725e0bfa68b043c56566aae3429cbca9888ff6
SHA512

40e4519228a0d33d8dd67b5ab978cf0a258058021895a46d9b956165e949eb5c546e720dfb9fc26ff48c8f44de61712e77a7649a31b35c830d57d4a040741013
SSDEEP

1536:o+aLMI68Kdo+8N8iXeEnVWbtl/4COzJFph6WRo+xTbZLG99sFtlrOI2xx4AIrEzK:PaLU8KU8HEnVHrJJTRfZ69N9/IrEzQ/

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1112	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1768 wrote to memory of 1112	1768	rundll32.exe	27
PID 1768 wrote to memory of 1112	1768	rundll32.exe	27
PID 1768 wrote to memory of 1112	1768	rundll32.exe	27
PID 1768 wrote to memory of 1112	1768	rundll32.exe	27
PID 1768 wrote to memory of 1112	1768	rundll32.exe	27
PID 1768 wrote to memory of 1112	1768	rundll32.exe	27
PID 1768 wrote to memory of 1112	1768	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\90288d98114cb4ceda26d75040725e0bfa68b043c56566aae3429cbca9888ff6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1768
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\90288d98114cb4ceda26d75040725e0bfa68b043c56566aae3429cbca9888ff6.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1112

memory/1112-55-0x0000000076961000-0x0000000076963000-memory.dmp

Filesize
8KB

Download
memory/1112-56-0x0000000010000000-0x0000000010025000-memory.dmp

Filesize
148KB

Download
memory/1112-57-0x0000000010000000-0x0000000010025000-memory.dmp

Filesize
148KB

Download