3f32ec05060f381aa1b6663ccfcb3ff710b2813b953d180b95b3518a5139007a

Analysis

max time kernel
31s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
26/11/2022, 00:08

Target

3f32ec05060f381aa1b6663ccfcb3ff710b2813b953d180b95b3518a5139007a.dll
Size

384KB
MD5

44da9f4aaf7026e305516d93c8aa3685
SHA1

1de6e4eea9115605b1b1bdd094626f6d89eec9b2
SHA256

3f32ec05060f381aa1b6663ccfcb3ff710b2813b953d180b95b3518a5139007a
SHA512

0ddaf60b5d399e2611c4487e4ab44a9b235218ab40e6a9f68e1749b742a4b70708569f8a6a076c758ce2406daf630c64d6620b51a78b74996db635c94dc2355a
SSDEEP

6144:4ZFeM1qzrxv1pybOoFUCCBcgaFbcgIRO9:4nT1sv1pJFmga1c

Score

7^/10

Loads dropped DLL 1 IoCs

pid	Process
1536	rundll32.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\winsieprotect.dll	rundll32.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1536	rundll32.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1536	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 908 wrote to memory of 1536	908	rundll32.exe	27
PID 908 wrote to memory of 1536	908	rundll32.exe	27
PID 908 wrote to memory of 1536	908	rundll32.exe	27
PID 908 wrote to memory of 1536	908	rundll32.exe	27
PID 908 wrote to memory of 1536	908	rundll32.exe	27
PID 908 wrote to memory of 1536	908	rundll32.exe	27
PID 908 wrote to memory of 1536	908	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3f32ec05060f381aa1b6663ccfcb3ff710b2813b953d180b95b3518a5139007a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:908
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3f32ec05060f381aa1b6663ccfcb3ff710b2813b953d180b95b3518a5139007a.dll,#1
  2⤵
  - Loads dropped DLL
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:1536

\Windows\SysWOW64\winsieprotect.dll

Filesize
196KB

MD5
dc2895181a95f1ca38008d8407c241a1

SHA1
d0905cf80244412b60d70f733aa8ab6cb3e70d3b

SHA256
3cdd92c9993b37661fd3ae5f766abcfa4e6d337d9a514a7d63a726ea9b7d4fb5

SHA512
aec16bdd96c552f7aabd9277212bf1900ab7ffd54c4bb46a0eb7aa9e2425b0d090179f10c2f1a0a0c5f4cb36209047aad60d46927ee6bd10980e4220a28838cc

Download Submit
memory/1536-55-0x0000000075131000-0x0000000075133000-memory.dmp

Filesize
8KB

Download
memory/1536-57-0x00000000001E0000-0x000000000021E000-memory.dmp

Filesize
248KB

Download