9f2745344bea6ae9370c950633774a97d9da45938e7c1ca7bbc826bd2d915823

Analysis

max time kernel
162s
max time network
177s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 00:23

Target

9f2745344bea6ae9370c950633774a97d9da45938e7c1ca7bbc826bd2d915823.dll
Size

900KB
MD5

8e3ca0d8ece83327e9bd8715447fa1d3
SHA1

88743de5a65d28d7a5f60b6db98b3d9a935b7d0c
SHA256

9f2745344bea6ae9370c950633774a97d9da45938e7c1ca7bbc826bd2d915823
SHA512

29b77d7beb3010f305c1f30e7715c6247c78b1773d8ad267f3ade0a56007ece735419eb9b887bdc0d2d10b522d03e3a766d6008c86f5e3d3484cb3714ef0cec2
SSDEEP

24576:GzEDbSoF1lMV3ubg87OjWcCDUiWBwrkne:GAhF1GV+L7OnCDT7

Score

8^/10

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File created	C:\WINDOWS\SysWOW64\drivers\kiss.she	rundll32.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\SkinH_EL.dll	rundll32.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2248	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4084 wrote to memory of 2248	4084	rundll32.exe	83
PID 4084 wrote to memory of 2248	4084	rundll32.exe	83
PID 4084 wrote to memory of 2248	4084	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9f2745344bea6ae9370c950633774a97d9da45938e7c1ca7bbc826bd2d915823.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4084
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9f2745344bea6ae9370c950633774a97d9da45938e7c1ca7bbc826bd2d915823.dll,#1
  2⤵
  - Drops file in Drivers directory
  - Drops file in System32 directory
  - Suspicious use of SetWindowsHookEx
  PID:2248

memory/2248-133-0x0000000010000000-0x00000000102EA000-memory.dmp

Filesize
2.9MB

Download
memory/2248-138-0x0000000010000000-0x00000000102EA000-memory.dmp

Filesize
2.9MB

Download