ec6fc79710a6f7dba4f298cad2a701623c4b17f5187744d8053ec300e95ea33d

Analysis

max time kernel
31s
max time network
34s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
12/04/2023, 20:29

Target

ec6fc79710a6f7dba4f298cad2a701623c4b17f5187744d8053ec300e95ea33d.dll
Size

696KB
MD5

7d91d65dc7d3168e0e570000f5025e3c
SHA1

137af4138f5c9f81690b942e4ce1e0988dd63708
SHA256

ec6fc79710a6f7dba4f298cad2a701623c4b17f5187744d8053ec300e95ea33d
SHA512

764f84c8df1c97cc62f9ef0a9d53b9e9a1cd6989314108abcad57f7aab38f35eb913f6f573df4719d5575166a75cc1d6f5189f884847c4c136c34645efa12e21
SSDEEP

12288:Xi/JDpGQ3bPa7PPZmMoQUxEDbqEU86VY77:Xi/JtGQ3bEHQMLU4bqhrVY77

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1108	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1344 wrote to memory of 1108	1344	rundll32.exe	27
PID 1344 wrote to memory of 1108	1344	rundll32.exe	27
PID 1344 wrote to memory of 1108	1344	rundll32.exe	27
PID 1344 wrote to memory of 1108	1344	rundll32.exe	27
PID 1344 wrote to memory of 1108	1344	rundll32.exe	27
PID 1344 wrote to memory of 1108	1344	rundll32.exe	27
PID 1344 wrote to memory of 1108	1344	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ec6fc79710a6f7dba4f298cad2a701623c4b17f5187744d8053ec300e95ea33d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1344
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ec6fc79710a6f7dba4f298cad2a701623c4b17f5187744d8053ec300e95ea33d.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1108