604a2382b08ba87cdc2c97447eef1a12ed43178337cc7e581bfdec14815bd619

Analysis

max time kernel
144s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 00:48

Target

604a2382b08ba87cdc2c97447eef1a12ed43178337cc7e581bfdec14815bd619.dll
Size

448KB
MD5

e7f4878395dadd49b14390347945ef10
SHA1

33ad326bd5f6d9cab4f4819d8e054cf79b98578f
SHA256

604a2382b08ba87cdc2c97447eef1a12ed43178337cc7e581bfdec14815bd619
SHA512

a8de6870a1704217ee61b2e329ca39d09a0d1fe526b350338dffb1f1ab8a87c5a2d0c8ed2f13c7316b7e7eca3495d10030b918fc56f8b743df2562114a304544
SSDEEP

3072:faWIJLbdT3uzcBq747XerfRiNdHT9BFYQo7YH9VLs:pIJLJjuoBq7OXerfR0xB2QMI

Score

1^/10

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1416	rundll32.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1416	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 900 wrote to memory of 1416	900	rundll32.exe	27
PID 900 wrote to memory of 1416	900	rundll32.exe	27
PID 900 wrote to memory of 1416	900	rundll32.exe	27
PID 900 wrote to memory of 1416	900	rundll32.exe	27
PID 900 wrote to memory of 1416	900	rundll32.exe	27
PID 900 wrote to memory of 1416	900	rundll32.exe	27
PID 900 wrote to memory of 1416	900	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\604a2382b08ba87cdc2c97447eef1a12ed43178337cc7e581bfdec14815bd619.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:900
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\604a2382b08ba87cdc2c97447eef1a12ed43178337cc7e581bfdec14815bd619.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:1416

memory/1416-55-0x00000000762D1000-0x00000000762D3000-memory.dmp

Filesize
8KB

Download
memory/1416-56-0x0000000074BF0000-0x0000000074C63000-memory.dmp

Filesize
460KB

Download
memory/1416-57-0x0000000074B70000-0x0000000074BE3000-memory.dmp

Filesize
460KB

Download
memory/1416-58-0x0000000074BF0000-0x0000000074C63000-memory.dmp

Filesize
460KB

Download
memory/1416-59-0x0000000074B70000-0x0000000074BE3000-memory.dmp

Filesize
460KB

Download