f582897fbb2ea940b8f9653d0d4f5b636979aa585d6578e91c264c086b68e335

Analysis

max time kernel
32s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
04/12/2022, 11:20

Target

f582897fbb2ea940b8f9653d0d4f5b636979aa585d6578e91c264c086b68e335.dll
Size

94KB
MD5

6462cff61615e6bcea384e3a5371798c
SHA1

ad159167859947217ab3a426dac76cd2a45098eb
SHA256

f582897fbb2ea940b8f9653d0d4f5b636979aa585d6578e91c264c086b68e335
SHA512

3f812ca1f7445310c5b961f692b6ba7c59a4355487f0a94729c366adb123b0a0a9b4ffaf3a8d313decfcf0cf329efa1b3e8dadb555d30a19fd5c6188e2468bee
SSDEEP

1536:nCRaijyFJ17lgg9u/R8f2rqE4JZNJ/dNTZuSdKSxuN1fUcPDiMuTI7Kue1AcLbo2:CsayFJ1xFfZnvdNPKSyRpuT8gAuU2

Score

1^/10

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1696	rundll32.exe
1696	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1736 wrote to memory of 1696	1736	rundll32.exe	27
PID 1736 wrote to memory of 1696	1736	rundll32.exe	27
PID 1736 wrote to memory of 1696	1736	rundll32.exe	27
PID 1736 wrote to memory of 1696	1736	rundll32.exe	27
PID 1736 wrote to memory of 1696	1736	rundll32.exe	27
PID 1736 wrote to memory of 1696	1736	rundll32.exe	27
PID 1736 wrote to memory of 1696	1736	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f582897fbb2ea940b8f9653d0d4f5b636979aa585d6578e91c264c086b68e335.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1736
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f582897fbb2ea940b8f9653d0d4f5b636979aa585d6578e91c264c086b68e335.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1696

memory/1696-55-0x0000000076171000-0x0000000076173000-memory.dmp

Filesize
8KB

Download
memory/1696-56-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1696-57-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download