5b8b7125984f46bda55aeb7b159463546919a0ad55df44c6b55a86e91eeeb892

Analysis

max time kernel
36s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
26/11/2022, 21:34

Target

红药互赞7.4破解版/红药7.4/tea.dll
Size

628KB
MD5

836049a4fc432984833f322a1089383e
SHA1

ff478a772cac7d405015aab7fcec5a15a6cb87fb
SHA256

6de54c1d7fd3bcf111585d63cefc7b923f6aeb3e353ed209d1c9578300c657a5
SHA512

af22a19b59fa774bceae84d7006b74b479a2d4e6ab275bb048422d3268a029bd598d0b25a3f8cc234ee556746633b6d93a205f809722e3f58ab50a82b71904b2
SSDEEP

6144:4hnA8Yo9juaOBLoDvD5gKlO4wii0lkVI7DY2+cZQHWB7QB7jJ+8abP/7xlXdkQMH:cA83XH5gKl0iV0ktQlLabP/9Bw5Aa

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1372	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1348 wrote to memory of 1372	1348	rundll32.exe	26
PID 1348 wrote to memory of 1372	1348	rundll32.exe	26
PID 1348 wrote to memory of 1372	1348	rundll32.exe	26
PID 1348 wrote to memory of 1372	1348	rundll32.exe	26
PID 1348 wrote to memory of 1372	1348	rundll32.exe	26
PID 1348 wrote to memory of 1372	1348	rundll32.exe	26
PID 1348 wrote to memory of 1372	1348	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\红药互赞7.4破解版\红药7.4\tea.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1348
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\红药互赞7.4破解版\红药7.4\tea.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1372

memory/1372-55-0x00000000750A1000-0x00000000750A3000-memory.dmp

Filesize
8KB

Download