de5f1b075626c07fef3091c4fe8e8a4c6cfba3a1a21d5c04756198dc28d86970

Analysis

max time kernel
45s
max time network
48s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
22/09/2022, 08:16

Target

de5f1b075626c07fef3091c4fe8e8a4c6cfba3a1a21d5c04756198dc28d86970.dll
Size

2.0MB
MD5

164cfcf0a4dcecccf614d18291b9dfda
SHA1

9d9f3805a8cf211f32d2e3fc48682016ed481886
SHA256

de5f1b075626c07fef3091c4fe8e8a4c6cfba3a1a21d5c04756198dc28d86970
SHA512

3fe4da9670e48cdc1aebd069f4d4f2ce497e8756a1779df6c539ed8b9b6bc96a1e4e4b73f2968155f430634ca22216f9e24f88f64476b7c7bcb5ccf081a7db15
SSDEEP

49152:+asR0gR87VJRmA4auXjdh7vykbJQDUZF8j:JU0gR87VJRm0UT7vzbJQDp

Score

1^/10

Suspicious use of SetWindowsHookEx 5 IoCs

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2012 wrote to memory of 2036	2012	rundll32.exe	27
PID 2012 wrote to memory of 2036	2012	rundll32.exe	27
PID 2012 wrote to memory of 2036	2012	rundll32.exe	27
PID 2012 wrote to memory of 2036	2012	rundll32.exe	27
PID 2012 wrote to memory of 2036	2012	rundll32.exe	27
PID 2012 wrote to memory of 2036	2012	rundll32.exe	27
PID 2012 wrote to memory of 2036	2012	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\de5f1b075626c07fef3091c4fe8e8a4c6cfba3a1a21d5c04756198dc28d86970.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2012
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\de5f1b075626c07fef3091c4fe8e8a4c6cfba3a1a21d5c04756198dc28d86970.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2036

memory/2036-55-0x0000000074B51000-0x0000000074B53000-memory.dmp

Filesize
8KB

Download