35d1192113012fecf7b0e908a4f923941c4f529175dbb690ce6ec4adfea6bea9

Analysis

max time kernel
30s
max time network
33s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
19-02-2023 04:47

Target

35d1192113012fecf7b0e908a4f923941c4f529175dbb690ce6ec4adfea6bea9.dll
Size

437KB
MD5

601d1a8fd2efd5d524c36fddca3f64af
SHA1

96ef20d9e6b79c873fe367976b362f57c5feab4a
SHA256

35d1192113012fecf7b0e908a4f923941c4f529175dbb690ce6ec4adfea6bea9
SHA512

a1af010d193f1c82941005d47bf4a55d9b961e18ace062c4206a94cb60e1e3f15afb23df95afef2675a9d3835737004204485bf171c90c5d16a93ed8f7bd0f67
SSDEEP

6144:5oNPAqviXmC/r2ck6YaCBdX26Nu2NwA97YSOiWOpkTcc/y8rsGVaMZVk4CgOLPDo:6JSrynaCBQgF90cWVgPGVaM7HjOTM

Score

1^/10

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

rundll32.exe

pid process

1712 rundll32.exe
1712 rundll32.exe

Suspicious use of SetWindowsHookEx 14 IoCs

Processes:

rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1208 wrote to memory of 1712	1208	rundll32.exe	rundll32.exe
PID 1208 wrote to memory of 1712	1208	rundll32.exe	rundll32.exe
PID 1208 wrote to memory of 1712	1208	rundll32.exe	rundll32.exe
PID 1208 wrote to memory of 1712	1208	rundll32.exe	rundll32.exe
PID 1208 wrote to memory of 1712	1208	rundll32.exe	rundll32.exe
PID 1208 wrote to memory of 1712	1208	rundll32.exe	rundll32.exe
PID 1208 wrote to memory of 1712	1208	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\35d1192113012fecf7b0e908a4f923941c4f529175dbb690ce6ec4adfea6bea9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1208
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\35d1192113012fecf7b0e908a4f923941c4f529175dbb690ce6ec4adfea6bea9.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:1712

memory/1712-54-0x0000000000000000-mapping.dmp

Download
memory/1712-55-0x0000000075591000-0x0000000075593000-memory.dmp

Filesize
8KB

Download
memory/1712-57-0x0000000010000000-0x000000001011C000-memory.dmp

Filesize
1.1MB

Download
memory/1712-56-0x0000000010000000-0x000000001011C000-memory.dmp

Filesize
1.1MB

Download
memory/1712-58-0x0000000010000000-0x000000001011C000-memory.dmp

Filesize
1.1MB

Download
memory/1712-59-0x0000000010000000-0x000000001011C000-memory.dmp

Filesize
1.1MB

Download
memory/1712-60-0x0000000010000000-0x000000001011C000-memory.dmp

Filesize
1.1MB

Download