a74f97059acbd38c8f0ebb92e23f1f4e04d4ce53ffdeb43b154486f3758445a0

Analysis

max time kernel
40s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
02/12/2022, 22:23

Target

a74f97059acbd38c8f0ebb92e23f1f4e04d4ce53ffdeb43b154486f3758445a0.dll
Size

64KB
MD5

9cf1b96d7cc831e9c7b5e6bb6c953c1f
SHA1

e5dd4764298e6ca5a946925bd5c7b8513d09ed80
SHA256

a74f97059acbd38c8f0ebb92e23f1f4e04d4ce53ffdeb43b154486f3758445a0
SHA512

c39cfcc24777ec9d699beea2d844f81b234f8fcfd077ac8592a4c6a0877594e34355cac15db283c674efe052e7bc543a5804fb9f78977ffd5523de68ce8f13b0
SSDEEP

1536:MSkwSiDNTj1fdNFmm31nK9S0w7z1yF9+RxROi0X:yxixTRfdNQS0Sz1ySRxROi0

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1928	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1048 wrote to memory of 1928	1048	rundll32.exe	27
PID 1048 wrote to memory of 1928	1048	rundll32.exe	27
PID 1048 wrote to memory of 1928	1048	rundll32.exe	27
PID 1048 wrote to memory of 1928	1048	rundll32.exe	27
PID 1048 wrote to memory of 1928	1048	rundll32.exe	27
PID 1048 wrote to memory of 1928	1048	rundll32.exe	27
PID 1048 wrote to memory of 1928	1048	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a74f97059acbd38c8f0ebb92e23f1f4e04d4ce53ffdeb43b154486f3758445a0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1048
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a74f97059acbd38c8f0ebb92e23f1f4e04d4ce53ffdeb43b154486f3758445a0.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1928

memory/1928-55-0x00000000759F1000-0x00000000759F3000-memory.dmp

Filesize
8KB

Download