aa159c242c54988920ca64e521b5cb072e63b8970287c910a77efa403ae9155f

Analysis

max time kernel
42s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
26-11-2022 16:40

Target

旺旺群发E客服版/handle.dll
Size

660KB
MD5

867cfc1a9f60aebe95aaa38f6f88b2ed
SHA1

f1a5efb7c9f1464f0542d1f96c3a78f2bc70e57d
SHA256

b4141e80b17c71111c0ff1ba92c47e6522625a351aa47c89bbf88f7aaa83c6e2
SHA512

9cf5cb481f79596428acc237be4fe850815f6d95e31472b08790145946a86e41d35c2d16ab85f95edbf9fa191a4f6bff2ab6a45bef18ee4294de48f035f1ca27
SSDEEP

6144:YG5utRSOTufCmLjHkoP6crCFhPLfi1RgK9X/cTJ48FkDBwIBOIvSRTA/TpBAoTXg:Y3tRuCa3P6cr2h89k/kDxBDv7s

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

rundll32.exe

pid process

1852 rundll32.exe

pid	process
1852	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 316 wrote to memory of 1852	316	rundll32.exe	rundll32.exe
PID 316 wrote to memory of 1852	316	rundll32.exe	rundll32.exe
PID 316 wrote to memory of 1852	316	rundll32.exe	rundll32.exe
PID 316 wrote to memory of 1852	316	rundll32.exe	rundll32.exe
PID 316 wrote to memory of 1852	316	rundll32.exe	rundll32.exe
PID 316 wrote to memory of 1852	316	rundll32.exe	rundll32.exe
PID 316 wrote to memory of 1852	316	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\旺旺群发E客服版\handle.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:316

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\旺旺群发E客服版\handle.dll,#1
2⤵
- Suspicious use of SetWindowsHookEx
PID:1852

memory/1852-54-0x0000000000000000-mapping.dmp

Download
memory/1852-55-0x0000000075D01000-0x0000000075D03000-memory.dmp

Filesize
8KB

Download