a6ba0fab8ecebebd03661313d29ebe1afe36b7b5bfb5bae470b6c38a58916902

Analysis

max time kernel
31s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
03-12-2022 23:39

Target

a6ba0fab8ecebebd03661313d29ebe1afe36b7b5bfb5bae470b6c38a58916902.dll
Size

166KB
MD5

aaa018999fa41ccdb3aaa531b43b980d
SHA1

cfe205347c95964a388daee38809e2412acc3f67
SHA256

a6ba0fab8ecebebd03661313d29ebe1afe36b7b5bfb5bae470b6c38a58916902
SHA512

9ec502e40ca6528b30e36e7fa607409d7dcad079df59040729b6330bb368ecf467e94a437b9ebde79a07fcb9c73c6b73065434ad2d4444036904afe9a5a22aab
SSDEEP

3072:ylu+KDib0Z009M07/mvE23bB2dDdzVD4xadj+CzPj5S3HWybb5wm6Ar9gpTOD5ZO:y0+wib8dM0R23AdtVdjx5IzbmSgpTOD/

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
340	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1332 wrote to memory of 340	1332	rundll32.exe	28
PID 1332 wrote to memory of 340	1332	rundll32.exe	28
PID 1332 wrote to memory of 340	1332	rundll32.exe	28
PID 1332 wrote to memory of 340	1332	rundll32.exe	28
PID 1332 wrote to memory of 340	1332	rundll32.exe	28
PID 1332 wrote to memory of 340	1332	rundll32.exe	28
PID 1332 wrote to memory of 340	1332	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a6ba0fab8ecebebd03661313d29ebe1afe36b7b5bfb5bae470b6c38a58916902.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1332
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a6ba0fab8ecebebd03661313d29ebe1afe36b7b5bfb5bae470b6c38a58916902.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:340

memory/340-54-0x0000000000000000-mapping.dmp

Download
memory/340-55-0x0000000074FD1000-0x0000000074FD3000-memory.dmp

Filesize
8KB

Download