405e8ac853985913c658f0f8e643ea41de47020d5ac0ac209662bf4bf99075d6

Analysis

max time kernel
3s
max time network
32s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
01-12-2022 05:35

Target

405e8ac853985913c658f0f8e643ea41de47020d5ac0ac209662bf4bf99075d6.dll
Size

476KB
MD5

856987339b28abb608411a89d4809980
SHA1

418957cc5bd165458de30f94cb85c2b129efcf0e
SHA256

405e8ac853985913c658f0f8e643ea41de47020d5ac0ac209662bf4bf99075d6
SHA512

6e14090fa7e84ccd34a75e35851c5a4696e3967e184396e98681832ff566b9b4b0a2f1416b8006d7f5d9b347de9d3a3be93dd6ea8a9adf253f70a0e14d28aa7f
SSDEEP

3072:4BQh3NWf2Fogb0JkAFWi6dgCoLoQe1p6vjzlUMqqDRbZo:4ed8OogoFH6dgvXwpi35qqDRbZ

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1364	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1156 wrote to memory of 1364	1156	rundll32.exe	28
PID 1156 wrote to memory of 1364	1156	rundll32.exe	28
PID 1156 wrote to memory of 1364	1156	rundll32.exe	28
PID 1156 wrote to memory of 1364	1156	rundll32.exe	28
PID 1156 wrote to memory of 1364	1156	rundll32.exe	28
PID 1156 wrote to memory of 1364	1156	rundll32.exe	28
PID 1156 wrote to memory of 1364	1156	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\405e8ac853985913c658f0f8e643ea41de47020d5ac0ac209662bf4bf99075d6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1156
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\405e8ac853985913c658f0f8e643ea41de47020d5ac0ac209662bf4bf99075d6.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1364

memory/1364-55-0x0000000075091000-0x0000000075093000-memory.dmp

Filesize
8KB

Download
memory/1364-56-0x000000001CA00000-0x000000001CA82000-memory.dmp

Filesize
520KB

Download