979ab6c71a5fe59378665b25c6b757a546e796a538c6b783b7c9f0ebd922e103

Analysis

max time kernel
28s
max time network
31s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
08-01-2023 17:14

Target

979ab6c71a5fe59378665b25c6b757a546e796a538c6b783b7c9f0ebd922e103.dll
Size

2.7MB
MD5

58dec01d12df4d9c4ca8be53dad4a6fd
SHA1

32fce05dc05c03e29efbcba26d6babad2274e5d5
SHA256

979ab6c71a5fe59378665b25c6b757a546e796a538c6b783b7c9f0ebd922e103
SHA512

cd06e25cc16b740aec4f0e4a26639d08c5e6fe388bdfb20a1465eab8fb07de92e0cb48b2e8b6aa9c035699d75d3d410931f2acadec9b8e1518b0e25150718695
SSDEEP

49152:os8fT8O4obvelpZVkla7zvxFark6YW4D9367Ai2LYXE9z1At:os8fIEbMV0a37+YfSAi28XE9

Score

8^/10

Blocklisted process makes network request 2 IoCs

flow	pid	Process
2	1220	rundll32.exe
3	1220	rundll32.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
1220	rundll32.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1220	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1184 wrote to memory of 1220	1184	rundll32.exe	28
PID 1184 wrote to memory of 1220	1184	rundll32.exe	28
PID 1184 wrote to memory of 1220	1184	rundll32.exe	28
PID 1184 wrote to memory of 1220	1184	rundll32.exe	28
PID 1184 wrote to memory of 1220	1184	rundll32.exe	28
PID 1184 wrote to memory of 1220	1184	rundll32.exe	28
PID 1184 wrote to memory of 1220	1184	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\979ab6c71a5fe59378665b25c6b757a546e796a538c6b783b7c9f0ebd922e103.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1184
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\979ab6c71a5fe59378665b25c6b757a546e796a538c6b783b7c9f0ebd922e103.dll,#1
  2⤵
  - Blocklisted process makes network request
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious use of SetWindowsHookEx
  PID:1220

memory/1220-55-0x00000000767F1000-0x00000000767F3000-memory.dmp

Filesize
8KB

Download
memory/1220-56-0x0000000074640000-0x0000000075009000-memory.dmp

Filesize
9.8MB

Download
memory/1220-57-0x0000000073550000-0x0000000073F19000-memory.dmp

Filesize
9.8MB

Download
memory/1220-58-0x0000000074640000-0x0000000075009000-memory.dmp

Filesize
9.8MB

Download
memory/1220-59-0x000000007EBD0000-0x000000007EFA1000-memory.dmp

Filesize
3.8MB

Download
memory/1220-60-0x0000000074640000-0x0000000075009000-memory.dmp

Filesize
9.8MB

Download