b838add54e0452175ffebf4c557f1ef4870a56a77cd835374c9d69ef59371702

Analysis

max time kernel
31s
max time network
33s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
17/12/2022, 19:19

Target

b838add54e0452175ffebf4c557f1ef4870a56a77cd835374c9d69ef59371702.dll
Size

808KB
MD5

3155dca8b14c96a40bcceb717883848d
SHA1

5493bf19f6cf143b3bb630af9a1a5231d40bd7b2
SHA256

b838add54e0452175ffebf4c557f1ef4870a56a77cd835374c9d69ef59371702
SHA512

163d87cb14ebdee636b74248e3b509c7d799482b863ee0d51a39b3e4745bec3cbe181f81c674b8fcd4fd57891ce1301e2c4306c70a5cebd7a251da965424d9b1
SSDEEP

12288:6lmRbu0pwl5DIbpT10ELidsD2K6jm1FXRZMhEwdpMxHil5SSjJWnjP7c:PUl5MbpTBGU6jm1aVdKgl5SSjJWnc

Score

1^/10

Suspicious use of SetWindowsHookEx 6 IoCs

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2024 wrote to memory of 2000	2024	rundll32.exe	28
PID 2024 wrote to memory of 2000	2024	rundll32.exe	28
PID 2024 wrote to memory of 2000	2024	rundll32.exe	28
PID 2024 wrote to memory of 2000	2024	rundll32.exe	28
PID 2024 wrote to memory of 2000	2024	rundll32.exe	28
PID 2024 wrote to memory of 2000	2024	rundll32.exe	28
PID 2024 wrote to memory of 2000	2024	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b838add54e0452175ffebf4c557f1ef4870a56a77cd835374c9d69ef59371702.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2024
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b838add54e0452175ffebf4c557f1ef4870a56a77cd835374c9d69ef59371702.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2000

memory/2000-55-0x0000000075441000-0x0000000075443000-memory.dmp

Filesize
8KB

Download
memory/2000-56-0x0000000010000000-0x00000000100E3000-memory.dmp

Filesize
908KB

Download