485f863fc17e7d50d42810de3bcc3480eb057a384f60fce5f4d0c092bda26a68

Analysis

max time kernel
29s
max time network
32s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
24/05/2023, 19:40

Target

485f863fc17e7d50d42810de3bcc3480eb057a384f60fce5f4d0c092bda26a68.dll
Size

5.8MB
MD5

af35dda9ba7bc8b86a1b4bea9a78e407
SHA1

1c828a078f5642e5e5cf7f8a145e9d3dc42ff0ca
SHA256

485f863fc17e7d50d42810de3bcc3480eb057a384f60fce5f4d0c092bda26a68
SHA512

302cf86a8e26342e3dac6377d7163b131f605f322798d5bc4983f0996af7eed11f09c58425a2dd4607ad0b137f3a55e15822e552f0e2815355a5d24f3d054805
SSDEEP

98304:hI4cbmoX169KKTIz1ilEFAjcg2A1ly9rAG3dM2PV/mKrJ27qzUbrx5Mp8Pvf5n:hiHX8vTIZQG0weJOdX4oe5E8PH5

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1428	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1324 wrote to memory of 1428	1324	rundll32.exe	28
PID 1324 wrote to memory of 1428	1324	rundll32.exe	28
PID 1324 wrote to memory of 1428	1324	rundll32.exe	28
PID 1324 wrote to memory of 1428	1324	rundll32.exe	28
PID 1324 wrote to memory of 1428	1324	rundll32.exe	28
PID 1324 wrote to memory of 1428	1324	rundll32.exe	28
PID 1324 wrote to memory of 1428	1324	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\485f863fc17e7d50d42810de3bcc3480eb057a384f60fce5f4d0c092bda26a68.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1324
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\485f863fc17e7d50d42810de3bcc3480eb057a384f60fce5f4d0c092bda26a68.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1428