a0a0f246e98b7aba25537ce35ee375cbd80100db43663c4340c35ff0cc2cd50d

Analysis

max time kernel
47s
max time network
52s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
05/12/2022, 10:38

Target

a0a0f246e98b7aba25537ce35ee375cbd80100db43663c4340c35ff0cc2cd50d.dll
Size

308KB
MD5

9bf2eac3183086b2e6491bd518285a44
SHA1

73a8c1505546b7a656faac2de652c514e87e8ef1
SHA256

a0a0f246e98b7aba25537ce35ee375cbd80100db43663c4340c35ff0cc2cd50d
SHA512

3dd743f3ec20647543287388e67fb38f9668547585f1199f084a1d4fdda08f87b97acc8917c0be6a2405fa929bc8405b983614e91af681512559ddf6509426ca
SSDEEP

6144:U6iPELHgnrHc0BNPEAIzclobAXdK0CBxCnouuoO85t0NyakXSDoKBVPK:U6Q8Hgzj2zQXdKnxDe0Qakd8K

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1344	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1204 wrote to memory of 1344	1204	rundll32.exe	27
PID 1204 wrote to memory of 1344	1204	rundll32.exe	27
PID 1204 wrote to memory of 1344	1204	rundll32.exe	27
PID 1204 wrote to memory of 1344	1204	rundll32.exe	27
PID 1204 wrote to memory of 1344	1204	rundll32.exe	27
PID 1204 wrote to memory of 1344	1204	rundll32.exe	27
PID 1204 wrote to memory of 1344	1204	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a0a0f246e98b7aba25537ce35ee375cbd80100db43663c4340c35ff0cc2cd50d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1204
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a0a0f246e98b7aba25537ce35ee375cbd80100db43663c4340c35ff0cc2cd50d.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1344

memory/1344-55-0x0000000074DE1000-0x0000000074DE3000-memory.dmp

Filesize
8KB

Download
memory/1344-56-0x0000000010000000-0x000000001009B000-memory.dmp

Filesize
620KB

Download