cf547788662962a89e5571085946495cba3e17d9881374910ada69c9d914fd46

Analysis

max time kernel
36s
max time network
41s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19-10-2022 21:39

Target

cf547788662962a89e5571085946495cba3e17d9881374910ada69c9d914fd46.dll
Size

820KB
MD5

921e1537c26b4ed529fcb5f28838d696
SHA1

80088390b30002de18c2c5c4df3fadbc497b3ba9
SHA256

cf547788662962a89e5571085946495cba3e17d9881374910ada69c9d914fd46
SHA512

ac94ef0e54f6fc7e9d4f35b16add1e63ef155b27fe604dc5866874fcd76378f99bc09137eb33b964c50fc3756f5927176d3f31c68e9549f711ecb0878ca0c2a7
SSDEEP

12288:v3waoOl7hP8XCyjEcPPJuJvEFQJRMbQID8M2SrnJoaibP:v31yBEiP0JvEFQeQsZibP

Score

1^/10

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1560	rundll32.exe
1560	rundll32.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1560	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1344 wrote to memory of 1560	1344	rundll32.exe	26
PID 1344 wrote to memory of 1560	1344	rundll32.exe	26
PID 1344 wrote to memory of 1560	1344	rundll32.exe	26
PID 1344 wrote to memory of 1560	1344	rundll32.exe	26
PID 1344 wrote to memory of 1560	1344	rundll32.exe	26
PID 1344 wrote to memory of 1560	1344	rundll32.exe	26
PID 1344 wrote to memory of 1560	1344	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cf547788662962a89e5571085946495cba3e17d9881374910ada69c9d914fd46.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1344
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cf547788662962a89e5571085946495cba3e17d9881374910ada69c9d914fd46.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:1560

memory/1560-55-0x0000000074F41000-0x0000000074F43000-memory.dmp

Filesize
8KB

Download