177d6141e59e296516672d70ac7015a2049807ee3e8c93d31583d9bcc7204e0f

Analysis

max time kernel
172s
max time network
181s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
14/10/2023, 02:53

Target

177d6141e59e296516672d70ac7015a2049807ee3e8c93d31583d9bcc7204e0f.dll
Size

1016KB
MD5

a020db293cdcad171034e052073510ba
SHA1

7bf97dd7fc1034d011ddbc6d0fe2a18fa4edd120
SHA256

177d6141e59e296516672d70ac7015a2049807ee3e8c93d31583d9bcc7204e0f
SHA512

7556f6623b000f410f8ef6999ee0375d1404ec33beb98332d9bfadd120490011d60527222cdcfc0321ea1bdbaf73dbccaf2595e80d850abb5755f4a24a633f90
SSDEEP

24576:JUkgLcRsFm3AMZf5FE3HmmjSEV1DL5iHNYQ2z:JIwRTwavoGCnDliB2

Score

5^/10

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\mghrLua.dll	rundll32.exe
File opened for modification	C:\Windows\SysWOW64\mghrLua.dll	rundll32.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4928	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3028 wrote to memory of 4928	3028	rundll32.exe	69
PID 3028 wrote to memory of 4928	3028	rundll32.exe	69
PID 3028 wrote to memory of 4928	3028	rundll32.exe	69

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\177d6141e59e296516672d70ac7015a2049807ee3e8c93d31583d9bcc7204e0f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3028
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\177d6141e59e296516672d70ac7015a2049807ee3e8c93d31583d9bcc7204e0f.dll,#1
  2⤵
  - Drops file in System32 directory
  - Suspicious use of SetWindowsHookEx
  PID:4928

memory/4928-1-0x0000000001410000-0x0000000001412000-memory.dmp

Filesize
8KB

Download
memory/4928-0-0x0000000010000000-0x0000000010362000-memory.dmp

Filesize
3.4MB

Download