b327c8e95412cb6ffead5d3c71b58a65a86be8c4893f9d8b95aaa38b6c21cfb3

Analysis

max time kernel
34s
max time network
49s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29/10/2022, 22:07

Target

b327c8e95412cb6ffead5d3c71b58a65a86be8c4893f9d8b95aaa38b6c21cfb3.dll
Size

169KB
MD5

482d1c34de432be0bc6cbbeff6b5a083
SHA1

adeaba9cf1485384d23d7ba25042ad9f243d7fe0
SHA256

b327c8e95412cb6ffead5d3c71b58a65a86be8c4893f9d8b95aaa38b6c21cfb3
SHA512

e2d6a7b0340bec0e40571e3979bf5be8ed757da897d5f38f47fcf1c522cdb88f10ed9e054cb4eb9edcb2c96d2be52fe5f33ad58f05dc16ef0eab7e784509014e
SSDEEP

3072:a9YVJYERVcUtjb6enhJn1tjsbfPqbWmAic8cevNb9iGQoU5XvOIj:zcKP6evjsbHqqmAixcmQd5fb

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1788	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1112 wrote to memory of 1788	1112	rundll32.exe	28
PID 1112 wrote to memory of 1788	1112	rundll32.exe	28
PID 1112 wrote to memory of 1788	1112	rundll32.exe	28
PID 1112 wrote to memory of 1788	1112	rundll32.exe	28
PID 1112 wrote to memory of 1788	1112	rundll32.exe	28
PID 1112 wrote to memory of 1788	1112	rundll32.exe	28
PID 1112 wrote to memory of 1788	1112	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b327c8e95412cb6ffead5d3c71b58a65a86be8c4893f9d8b95aaa38b6c21cfb3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1112
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b327c8e95412cb6ffead5d3c71b58a65a86be8c4893f9d8b95aaa38b6c21cfb3.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1788

memory/1788-55-0x0000000075B11000-0x0000000075B13000-memory.dmp

Filesize
8KB

Download
memory/1788-56-0x000000006FFF0000-0x0000000070000000-memory.dmp

Filesize
64KB

Download
memory/1788-57-0x000000006FFF0000-0x0000000070000000-memory.dmp

Filesize
64KB

Download