abc188e73bc0c6c9f955e3e8924550e412c5e02877ad2938a252d87bdb012137

Analysis

max time kernel
40s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29-10-2022 20:13

Target

abc188e73bc0c6c9f955e3e8924550e412c5e02877ad2938a252d87bdb012137.dll
Size

30KB
MD5

83a2cace740c055e16c0c28a5744a7e8
SHA1

8a477e1b7215ebde37d13a43f7c30e7a4e6b336e
SHA256

abc188e73bc0c6c9f955e3e8924550e412c5e02877ad2938a252d87bdb012137
SHA512

f1156c46f5217658dcfebe73e9cd74c674e6aeda23ceea532dfa66bee4a93eaa3c076f9bd96b475678d08f6706c10eadd4223766ed82b726d3ca7c7f5d6f31fb
SSDEEP

384:z9OQ24bluDAq3m6j6yq/8H5v2XIgtwh+oYcWS1hKdvGIuIIA76UGy:5F4DV+/8H5OXBcUfL4Imord

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1996	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1984 wrote to memory of 1996	1984	rundll32.exe	27
PID 1984 wrote to memory of 1996	1984	rundll32.exe	27
PID 1984 wrote to memory of 1996	1984	rundll32.exe	27
PID 1984 wrote to memory of 1996	1984	rundll32.exe	27
PID 1984 wrote to memory of 1996	1984	rundll32.exe	27
PID 1984 wrote to memory of 1996	1984	rundll32.exe	27
PID 1984 wrote to memory of 1996	1984	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\abc188e73bc0c6c9f955e3e8924550e412c5e02877ad2938a252d87bdb012137.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1984
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\abc188e73bc0c6c9f955e3e8924550e412c5e02877ad2938a252d87bdb012137.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1996

memory/1996-55-0x0000000075571000-0x0000000075573000-memory.dmp

Filesize
8KB

Download