9509248da43f799d991930a934a44cee93932787d3d282bf2aea88004fc1f466

Analysis

max time kernel
42s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
04-12-2022 06:53

Target

9509248da43f799d991930a934a44cee93932787d3d282bf2aea88004fc1f466.dll
Size

69KB
MD5

dbd4f77dcee65966e203a19711d4ad70
SHA1

c745002d480178fa22c3d356b1fafafe8567df4f
SHA256

9509248da43f799d991930a934a44cee93932787d3d282bf2aea88004fc1f466
SHA512

c83b3909508fc30f67fabb442c3a8d8365e1023cf73b22aee123882b34b280fc9933ac7d7ea213359568a709dc02f0c1f47ca28c90c1ab25a0ed3f8a1e1e634a
SSDEEP

1536:8MeGoKYms/wYW6eJxARnRRLJKjCSPPlJ9qHJPnicOoptUabEXCbaU/bfS1uyM:qTu6wYRcAnLSPN6wQbaC7ouv

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1172	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1584 wrote to memory of 1172	1584	rundll32.exe	26
PID 1584 wrote to memory of 1172	1584	rundll32.exe	26
PID 1584 wrote to memory of 1172	1584	rundll32.exe	26
PID 1584 wrote to memory of 1172	1584	rundll32.exe	26
PID 1584 wrote to memory of 1172	1584	rundll32.exe	26
PID 1584 wrote to memory of 1172	1584	rundll32.exe	26
PID 1584 wrote to memory of 1172	1584	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9509248da43f799d991930a934a44cee93932787d3d282bf2aea88004fc1f466.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1584
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9509248da43f799d991930a934a44cee93932787d3d282bf2aea88004fc1f466.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1172

memory/1172-55-0x0000000074BB1000-0x0000000074BB3000-memory.dmp

Filesize
8KB

Download
memory/1172-56-0x0000000010000000-0x000000001001E000-memory.dmp

Filesize
120KB

Download
memory/1172-57-0x0000000010000000-0x000000001001E000-memory.dmp

Filesize
120KB

Download
memory/1172-58-0x00000000006D0000-0x000000000075D000-memory.dmp

Filesize
564KB

Download