4fb092b28b95122be34e8c09046d7d35279021892316987e706df2323f3fc98d

Analysis

max time kernel
44s
max time network
49s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 16:08

Target

4fb092b28b95122be34e8c09046d7d35279021892316987e706df2323f3fc98d.dll
Size

2.5MB
MD5

21920ba7aa6ec998977800d3a8adb34e
SHA1

10d8a54df5ff3a3e137193e8f01a77d49e300f7f
SHA256

4fb092b28b95122be34e8c09046d7d35279021892316987e706df2323f3fc98d
SHA512

367b2a324cb6fc1dcca27c35b4c1fde95ffaf25fe601b9f12d6faa02388cba8b8bec628fc70d1c7c1ecd5dd69acc021b0b876d9c2c7e082d6330095f9e182052
SSDEEP

49152:mKOy8sKpnfv2OjICTkEJg8PFc/+7g5vtrkVMeXrJc:mKOy8vl1kCTbJg8dc/gg5vdMNXr

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1980	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2004 wrote to memory of 1980	2004	rundll32.exe	28
PID 2004 wrote to memory of 1980	2004	rundll32.exe	28
PID 2004 wrote to memory of 1980	2004	rundll32.exe	28
PID 2004 wrote to memory of 1980	2004	rundll32.exe	28
PID 2004 wrote to memory of 1980	2004	rundll32.exe	28
PID 2004 wrote to memory of 1980	2004	rundll32.exe	28
PID 2004 wrote to memory of 1980	2004	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4fb092b28b95122be34e8c09046d7d35279021892316987e706df2323f3fc98d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2004
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4fb092b28b95122be34e8c09046d7d35279021892316987e706df2323f3fc98d.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1980

memory/1980-55-0x0000000075831000-0x0000000075833000-memory.dmp

Filesize
8KB

Download