4853f82683b5675ea79d037a9507cb09253ca77b9e024c75944d022c21f6a80a

Analysis

max time kernel
39s
max time network
32s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 20:55

Target

4853f82683b5675ea79d037a9507cb09253ca77b9e024c75944d022c21f6a80a.dll
Size

1.1MB
MD5

0b4d15339779e3c65c3511fb4b921a35
SHA1

b127eaa4d4f9328701ca0aae5123797861555150
SHA256

4853f82683b5675ea79d037a9507cb09253ca77b9e024c75944d022c21f6a80a
SHA512

d4b78754c48eb3880e0d270011284765e8d6a59b5e05c1444d6dc7a36f09e16488c39eb5e69831d0706c3955939eb8599e55db3b086a9cfe64096c4194eae2e2
SSDEEP

12288:Q9GSsLq0uOWZKm/2Y8iljmaDbch4wv2ImqAa1NzWMJ2EaaL0vWqga9kb7:QQSsLq0pCKm/HN/cSwveqAa1ZLYVqb7

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

rundll32.exe

pid process

1120 rundll32.exe

pid	process
1120	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1216 wrote to memory of 1120	1216	rundll32.exe	rundll32.exe
PID 1216 wrote to memory of 1120	1216	rundll32.exe	rundll32.exe
PID 1216 wrote to memory of 1120	1216	rundll32.exe	rundll32.exe
PID 1216 wrote to memory of 1120	1216	rundll32.exe	rundll32.exe
PID 1216 wrote to memory of 1120	1216	rundll32.exe	rundll32.exe
PID 1216 wrote to memory of 1120	1216	rundll32.exe	rundll32.exe
PID 1216 wrote to memory of 1120	1216	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4853f82683b5675ea79d037a9507cb09253ca77b9e024c75944d022c21f6a80a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1216

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4853f82683b5675ea79d037a9507cb09253ca77b9e024c75944d022c21f6a80a.dll,#1
2⤵
- Suspicious use of SetWindowsHookEx
PID:1120

memory/1120-54-0x0000000000000000-mapping.dmp

Download
memory/1120-55-0x0000000075091000-0x0000000075093000-memory.dmp

Filesize
8KB

Download