7f5763d7ce5c05e010b412f99192acebbc484200fed75344ef61e4ba8c0dc496

Analysis

max time kernel
206s
max time network
211s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
07-12-2022 03:13

Target

7f5763d7ce5c05e010b412f99192acebbc484200fed75344ef61e4ba8c0dc496.dll
Size

59KB
MD5

e2574d1b7a9ced727cc9250b5e1d2cb0
SHA1

ff1bd2d7e9f80e4effdfd28224e14c17b317fcf6
SHA256

7f5763d7ce5c05e010b412f99192acebbc484200fed75344ef61e4ba8c0dc496
SHA512

a69508398d9cf77abf189f1aa515bf96ac414df5657ce67a6e6d367ff064e8abe14b0d4181f66c88dcad12fd225627dd813feae273ab8901ec31d2878067ae43
SSDEEP

1536:6ONP97egpJSc+PWdiXudDpW3WwqAEgDXjaWS9:l9esJSMFtI7zVan9

Score

5^/10

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\tiyojula	rundll32.exe
File opened for modification	C:\Windows\SysWOW64\vatanahi.dll	rundll32.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
5048	rundll32.exe
5048	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 768 wrote to memory of 5048	768	rundll32.exe	83
PID 768 wrote to memory of 5048	768	rundll32.exe	83
PID 768 wrote to memory of 5048	768	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7f5763d7ce5c05e010b412f99192acebbc484200fed75344ef61e4ba8c0dc496.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:768
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7f5763d7ce5c05e010b412f99192acebbc484200fed75344ef61e4ba8c0dc496.dll,#1
  2⤵
  - Drops file in System32 directory
  - Suspicious use of SetWindowsHookEx
  PID:5048

memory/5048-133-0x0000000010000000-0x000000001001D000-memory.dmp

Filesize
116KB

Download
memory/5048-134-0x0000000000CD0000-0x0000000000CD9000-memory.dmp

Filesize
36KB

Download
memory/5048-135-0x0000000010000000-0x000000001001D000-memory.dmp

Filesize
116KB

Download
memory/5048-136-0x0000000010000000-0x000000001001D000-memory.dmp

Filesize
116KB

Download