3f0dfc46a1d5c20853b30b8d4ecab3a7e85a04c6250761716d9e1743110bdde5

Analysis

max time kernel
44s
max time network
48s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
30-10-2022 20:23

Target

3f0dfc46a1d5c20853b30b8d4ecab3a7e85a04c6250761716d9e1743110bdde5.dll
Size

32KB
MD5

57609b84d9aa2937edf66223200bdda2
SHA1

a41f3404d2141c51de253ac32195845ced578021
SHA256

3f0dfc46a1d5c20853b30b8d4ecab3a7e85a04c6250761716d9e1743110bdde5
SHA512

062bf3841231c25c723275fa541d4fbd6efeaf1d74bc5c4522a3ffdfaeb28b9762ff11e01e03ac2f41cc2c9ea763859961b587eaa79f30a90c362ed63dc56893
SSDEEP

768:oofqdJS/bSon6qDQirTu3r/an28q3n+FZ:ooSdJS/WO6mrTu3zan28qX0

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
844	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1348 wrote to memory of 844	1348	rundll32.exe	27
PID 1348 wrote to memory of 844	1348	rundll32.exe	27
PID 1348 wrote to memory of 844	1348	rundll32.exe	27
PID 1348 wrote to memory of 844	1348	rundll32.exe	27
PID 1348 wrote to memory of 844	1348	rundll32.exe	27
PID 1348 wrote to memory of 844	1348	rundll32.exe	27
PID 1348 wrote to memory of 844	1348	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3f0dfc46a1d5c20853b30b8d4ecab3a7e85a04c6250761716d9e1743110bdde5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1348
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3f0dfc46a1d5c20853b30b8d4ecab3a7e85a04c6250761716d9e1743110bdde5.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:844

memory/844-54-0x0000000000000000-mapping.dmp

Download
memory/844-55-0x0000000075601000-0x0000000075603000-memory.dmp

Filesize
8KB

Download
memory/844-56-0x0000000010110000-0x0000000010124000-memory.dmp

Filesize
80KB

Download