45b53301ec497b73fb73847ba0010d7b59cb19b65cdbeaeafc6b07c392cc4436

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
31-10-2022 23:02

Target

45b53301ec497b73fb73847ba0010d7b59cb19b65cdbeaeafc6b07c392cc4436.dll
Size

920KB
MD5

e6d96f8e85e3be20f141e7a495f133c7
SHA1

bcaf0b685fa1ace74c3afe88dc53999228490c91
SHA256

45b53301ec497b73fb73847ba0010d7b59cb19b65cdbeaeafc6b07c392cc4436
SHA512

079d26e28dd8ef29150089137f03bf4dd2ef2f257773c49bc39862f8c8953628c7d6d6043c3f703d68e4cf42e03f2b46507ab86e759a9a622cbea5bcb334c932
SSDEEP

12288:MSfUIxdLUUetGiOSzxpDmrWjLkDfZswwKcnprUGetn:McJUpthh1tmabBPpcn

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
340	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1836 wrote to memory of 340	1836	rundll32.exe	27
PID 1836 wrote to memory of 340	1836	rundll32.exe	27
PID 1836 wrote to memory of 340	1836	rundll32.exe	27
PID 1836 wrote to memory of 340	1836	rundll32.exe	27
PID 1836 wrote to memory of 340	1836	rundll32.exe	27
PID 1836 wrote to memory of 340	1836	rundll32.exe	27
PID 1836 wrote to memory of 340	1836	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\45b53301ec497b73fb73847ba0010d7b59cb19b65cdbeaeafc6b07c392cc4436.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1836
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\45b53301ec497b73fb73847ba0010d7b59cb19b65cdbeaeafc6b07c392cc4436.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:340

memory/340-55-0x0000000075771000-0x0000000075773000-memory.dmp

Filesize
8KB

Download