18b77bc45823601fb579f9afef1fd860629a195e2e40fdb4b36f97a508368178

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
15/08/2023, 07:10

Target

18b77bc45823601fb579f9afef1fd860629a195e2e40fdb4b36f97a508368178.dll
Size

980KB
MD5

ba716fca13ab1cd885d4f934da0a3d29
SHA1

e3b8f9db5e8384d14ddac7b3c423f5c9a4b3b229
SHA256

18b77bc45823601fb579f9afef1fd860629a195e2e40fdb4b36f97a508368178
SHA512

2f02ca2b5ac87bbe5e251ac257bb67cfc76b10502c9857dd45ff00ff3eaa078093a14f7c3d43881194bd241052c9b925427838f6eb41fe2badd5889772230e17
SSDEEP

12288:KnyKe3es5kY/fVjIp39I0Yqdoy06mjOu6tlL6E6J7ntPOG/ySFVmypVAbqHTF0vS:41s7kYHH0YqdO03tFO91OG/RFVmypxe

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2100	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2556 wrote to memory of 2100	2556	rundll32.exe	28
PID 2556 wrote to memory of 2100	2556	rundll32.exe	28
PID 2556 wrote to memory of 2100	2556	rundll32.exe	28
PID 2556 wrote to memory of 2100	2556	rundll32.exe	28
PID 2556 wrote to memory of 2100	2556	rundll32.exe	28
PID 2556 wrote to memory of 2100	2556	rundll32.exe	28
PID 2556 wrote to memory of 2100	2556	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\18b77bc45823601fb579f9afef1fd860629a195e2e40fdb4b36f97a508368178.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2556
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\18b77bc45823601fb579f9afef1fd860629a195e2e40fdb4b36f97a508368178.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2100

memory/2100-54-0x0000000010000000-0x0000000010127000-memory.dmp

Filesize
1.2MB

Download
memory/2100-55-0x0000000010000000-0x0000000010127000-memory.dmp

Filesize
1.2MB

Download
memory/2100-56-0x0000000010000000-0x0000000010127000-memory.dmp

Filesize
1.2MB

Download