e75b26ed7c0781aa5104db464c30834e62aba8645d24599286cd42469d3fbb35

Analysis

max time kernel
119s
max time network
140s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
07/10/2023, 17:07

Target

e75b26ed7c0781aa5104db464c30834e62aba8645d24599286cd42469d3fbb35.dll
Size

985KB
MD5

34ceed7cba604f0633501fb89fedf0bd
SHA1

955229a9ff4366777ce3cacfc52ff4a243715e4a
SHA256

e75b26ed7c0781aa5104db464c30834e62aba8645d24599286cd42469d3fbb35
SHA512

9d683bbb5befde8b58eb9ca457bb092bd547151dd491aeac14ae84b6b7276f6395cbc98ffb96fbee4dc2177c44671e568ca5648d679d4ee4cffba75b97bfcdfe
SSDEEP

24576:FC1Nuo1iSBqEQ3IQ79xxK/1cEQL85eLRN6QwQCDY3KuGNiNQ:FCLu7Yq99rK/aEQg5eFKQ0ZTi

Score

5^/10

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\mghrLua.dll	rundll32.exe
File opened for modification	C:\Windows\SysWOW64\mghrLua.dll	rundll32.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1924	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2236 wrote to memory of 1924	2236	rundll32.exe	29
PID 2236 wrote to memory of 1924	2236	rundll32.exe	29
PID 2236 wrote to memory of 1924	2236	rundll32.exe	29
PID 2236 wrote to memory of 1924	2236	rundll32.exe	29
PID 2236 wrote to memory of 1924	2236	rundll32.exe	29
PID 2236 wrote to memory of 1924	2236	rundll32.exe	29
PID 2236 wrote to memory of 1924	2236	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e75b26ed7c0781aa5104db464c30834e62aba8645d24599286cd42469d3fbb35.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2236
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e75b26ed7c0781aa5104db464c30834e62aba8645d24599286cd42469d3fbb35.dll,#1
  2⤵
  - Drops file in System32 directory
  - Suspicious use of SetWindowsHookEx
  PID:1924

memory/1924-0-0x0000000010000000-0x0000000010398000-memory.dmp

Filesize
3.6MB

Download
memory/1924-5-0x0000000000120000-0x0000000000123000-memory.dmp

Filesize
12KB

Download
memory/1924-4-0x0000000010000000-0x0000000010398000-memory.dmp

Filesize
3.6MB

Download
memory/1924-3-0x0000000010000000-0x0000000010398000-memory.dmp

Filesize
3.6MB

Download