bf9d69e6915433b07dd24880e21f6625621b7c35d2f6e01c7ebf55056fa9db29

Analysis

max time kernel
69s
max time network
31s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 18:50

Target

bf9d69e6915433b07dd24880e21f6625621b7c35d2f6e01c7ebf55056fa9db29.dll
Size

936KB
MD5

e19d6746df78bb445ba65785e3935046
SHA1

44b6e187f12c2adf8d5cb1c95f8663374a87c305
SHA256

bf9d69e6915433b07dd24880e21f6625621b7c35d2f6e01c7ebf55056fa9db29
SHA512

5e867a89caf66d64d5601844dc914b9a55c8e29c81c1747374a658e94c339d4ff6d4ba872cd786cf6ad3d3a75244e6efe68ba34c3d901bb4a1d46aeb80b7e42d
SSDEEP

12288:GQqPOnD5PM0N9SFm4o7M9AKDlg3l1zAAzaBpz1sDllSR:GQJk0TSFg7zzAl1suR

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

rundll32.exe

pid process

764 rundll32.exe

pid	process
764	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1516 wrote to memory of 764	1516	rundll32.exe	rundll32.exe
PID 1516 wrote to memory of 764	1516	rundll32.exe	rundll32.exe
PID 1516 wrote to memory of 764	1516	rundll32.exe	rundll32.exe
PID 1516 wrote to memory of 764	1516	rundll32.exe	rundll32.exe
PID 1516 wrote to memory of 764	1516	rundll32.exe	rundll32.exe
PID 1516 wrote to memory of 764	1516	rundll32.exe	rundll32.exe
PID 1516 wrote to memory of 764	1516	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bf9d69e6915433b07dd24880e21f6625621b7c35d2f6e01c7ebf55056fa9db29.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1516
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bf9d69e6915433b07dd24880e21f6625621b7c35d2f6e01c7ebf55056fa9db29.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:764

memory/764-54-0x0000000000000000-mapping.dmp

Download
memory/764-55-0x00000000757E1000-0x00000000757E3000-memory.dmp

Filesize
8KB

Download