498f22d579ff5613e2a309677a86a5fa59c1d8770235f826d240c0df7c106cb3

Analysis

max time kernel
10s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
04/12/2022, 03:37

Target

498f22d579ff5613e2a309677a86a5fa59c1d8770235f826d240c0df7c106cb3.dll
Size

872KB
MD5

42b7ca713729f059f45df978e3e13000
SHA1

b3630a275345ae68e32d24c0084d8ef4a7f8abae
SHA256

498f22d579ff5613e2a309677a86a5fa59c1d8770235f826d240c0df7c106cb3
SHA512

e4f296d289221f611d136a6850df7d6d6a02e0869237504bc49d76d6459c13729e24f3fe555f98053d71dc35efa2966ee832f3b8ff2d77ac2b6dfad695fa99a6
SSDEEP

12288:mTLTXeZ9T6vjVDUEx2wchHgugueZ/G3XuXLXz9:mT+fTWjVDUEx2wch55AG3ozz9

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1948	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1960 wrote to memory of 1948	1960	rundll32.exe	28
PID 1960 wrote to memory of 1948	1960	rundll32.exe	28
PID 1960 wrote to memory of 1948	1960	rundll32.exe	28
PID 1960 wrote to memory of 1948	1960	rundll32.exe	28
PID 1960 wrote to memory of 1948	1960	rundll32.exe	28
PID 1960 wrote to memory of 1948	1960	rundll32.exe	28
PID 1960 wrote to memory of 1948	1960	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\498f22d579ff5613e2a309677a86a5fa59c1d8770235f826d240c0df7c106cb3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1960
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\498f22d579ff5613e2a309677a86a5fa59c1d8770235f826d240c0df7c106cb3.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1948

memory/1948-55-0x0000000075A11000-0x0000000075A13000-memory.dmp

Filesize
8KB

Download