d5c55dc4f564a225309306d1a2515c3ee48d4dc040960bb6fa68f76e45e8f47a

Analysis

max time kernel
31s
max time network
33s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
17/12/2022, 19:23

Target

d5c55dc4f564a225309306d1a2515c3ee48d4dc040960bb6fa68f76e45e8f47a.dll
Size

888KB
MD5

8c143beac3169ec113927a83d70a7ab4
SHA1

af6134f540788c3d407af5eaa2112da2fc494b5f
SHA256

d5c55dc4f564a225309306d1a2515c3ee48d4dc040960bb6fa68f76e45e8f47a
SHA512

4eb8041eb44d4c65f9e4be99e796734136be51c1cba19695fc13ca97f17a199d98cacf6132ce261425c171dd1b8ecc7473c30298b809feb5a576ab81ac1e8997
SSDEEP

12288:OBvogOJXz3kvftD6FREgGfaziMElEkYe7F3sUlsYN:OBAr0v1D6DE1faepr7F3CYN

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1476	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1216 wrote to memory of 1476	1216	rundll32.exe	28
PID 1216 wrote to memory of 1476	1216	rundll32.exe	28
PID 1216 wrote to memory of 1476	1216	rundll32.exe	28
PID 1216 wrote to memory of 1476	1216	rundll32.exe	28
PID 1216 wrote to memory of 1476	1216	rundll32.exe	28
PID 1216 wrote to memory of 1476	1216	rundll32.exe	28
PID 1216 wrote to memory of 1476	1216	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d5c55dc4f564a225309306d1a2515c3ee48d4dc040960bb6fa68f76e45e8f47a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1216
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d5c55dc4f564a225309306d1a2515c3ee48d4dc040960bb6fa68f76e45e8f47a.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1476

memory/1476-55-0x0000000075D01000-0x0000000075D03000-memory.dmp

Filesize
8KB

Download