a31bc337b824b488e3063e6833dee638e58da7b45bf644e2d10850ddc64b15af

Analysis

max time kernel
37s
max time network
41s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
21-11-2022 22:45

Target

a31bc337b824b488e3063e6833dee638e58da7b45bf644e2d10850ddc64b15af.dll
Size

707KB
MD5

5aa48c4500cc50d668727ec7d3843ca8
SHA1

357f34475e6801bebe654f6d1cd2f0c074828e9b
SHA256

a31bc337b824b488e3063e6833dee638e58da7b45bf644e2d10850ddc64b15af
SHA512

d38bcdcb181bc53c54f04546181237d465ef27960b9cc0677b24f9f8300049260d8168343b1008aafc6f32e66e60c8bb2637c9eb1dced0f12438fb3ecd67d774
SSDEEP

12288:HwC6SaDVeSf3Cx76Beg8TrsVHpjoRJrMl+yizM8ovsJtmEKbSiOe:QC6pCx7ob8aJjoRJr0+88GsJ8EKbbO

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
788	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1612 wrote to memory of 788	1612	rundll32.exe	26
PID 1612 wrote to memory of 788	1612	rundll32.exe	26
PID 1612 wrote to memory of 788	1612	rundll32.exe	26
PID 1612 wrote to memory of 788	1612	rundll32.exe	26
PID 1612 wrote to memory of 788	1612	rundll32.exe	26
PID 1612 wrote to memory of 788	1612	rundll32.exe	26
PID 1612 wrote to memory of 788	1612	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a31bc337b824b488e3063e6833dee638e58da7b45bf644e2d10850ddc64b15af.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1612
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a31bc337b824b488e3063e6833dee638e58da7b45bf644e2d10850ddc64b15af.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:788

memory/788-54-0x0000000000000000-mapping.dmp

Download
memory/788-55-0x0000000076681000-0x0000000076683000-memory.dmp

Filesize
8KB

Download
memory/788-56-0x0000000000160000-0x0000000000163000-memory.dmp

Filesize
12KB

Download