0187f04a32492734c1c1e6d80621ac5991c5b575a22e9c0d9136c46f591b353d

Analysis

max time kernel
73s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 06:24

Target

0187f04a32492734c1c1e6d80621ac5991c5b575a22e9c0d9136c46f591b353d.dll
Size

896KB
MD5

1add641fc857cb2a9326c05a39b80da0
SHA1

fdeaa5609676742005bf18165fc0601d30e2e0d7
SHA256

0187f04a32492734c1c1e6d80621ac5991c5b575a22e9c0d9136c46f591b353d
SHA512

3133b935d1252fecdd70d8f51bee30b033371813eec741eb257edba4a5d3e7c296448730ea4181f6157f91a1b79bed3016818adbc8db591e5676e996988391b3
SSDEEP

24576:6EHaLQVJ0JQ4Z+f86g7eCLZyT+dJ+1tuSOjWcCDUiWBwrkR:6EHa/C4C8Z7eeZY+dJ+1tbOnCDTU

Score

8^/10

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File created	C:\WINDOWS\SysWOW64\drivers\kiss.she	rundll32.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\SkinH_EL.dll	rundll32.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2444	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1096 wrote to memory of 2444	1096	rundll32.exe	80
PID 1096 wrote to memory of 2444	1096	rundll32.exe	80
PID 1096 wrote to memory of 2444	1096	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0187f04a32492734c1c1e6d80621ac5991c5b575a22e9c0d9136c46f591b353d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1096
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0187f04a32492734c1c1e6d80621ac5991c5b575a22e9c0d9136c46f591b353d.dll,#1
  2⤵
  - Drops file in Drivers directory
  - Drops file in System32 directory
  - Suspicious use of SetWindowsHookEx
  PID:2444

memory/2444-133-0x0000000010000000-0x00000000102E8000-memory.dmp

Filesize
2.9MB

Download
memory/2444-134-0x0000000010000000-0x00000000102E8000-memory.dmp

Filesize
2.9MB

Download