83c640049736705d2b90f2a54a5b9b4687c0ab9296f25f9e3c28381db73df2c2

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
16/10/2023, 12:15

Target

83c640049736705d2b90f2a54a5b9b4687c0ab9296f25f9e3c28381db73df2c2.dll
Size

1.1MB
MD5

e6adeec38bfe35b43aa86c9a17bda1d3
SHA1

8eb894a0a300656b69ca45528a1491d48dcc45d6
SHA256

83c640049736705d2b90f2a54a5b9b4687c0ab9296f25f9e3c28381db73df2c2
SHA512

4dead20d3c304941eb967a851681df06d18b6f09c6e288639119fd2abb25a1f79c6ebd1845539a92ef11400a9b22f32f86b122a9b47de5b15c06eaa536801696
SSDEEP

24576:fgbvzPdt/bJUax+s6/yaNtlZCcLxw3B14Tq26c8bGbgq:6vzPz/qa8//HNVCo+MsKd

Score

5^/10

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\mghrLua.dll	rundll32.exe
File opened for modification	C:\Windows\SysWOW64\mghrLua.dll	rundll32.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2152	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2204 wrote to memory of 2152	2204	rundll32.exe	28
PID 2204 wrote to memory of 2152	2204	rundll32.exe	28
PID 2204 wrote to memory of 2152	2204	rundll32.exe	28
PID 2204 wrote to memory of 2152	2204	rundll32.exe	28
PID 2204 wrote to memory of 2152	2204	rundll32.exe	28
PID 2204 wrote to memory of 2152	2204	rundll32.exe	28
PID 2204 wrote to memory of 2152	2204	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\83c640049736705d2b90f2a54a5b9b4687c0ab9296f25f9e3c28381db73df2c2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2204
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\83c640049736705d2b90f2a54a5b9b4687c0ab9296f25f9e3c28381db73df2c2.dll,#1
  2⤵
  - Drops file in System32 directory
  - Suspicious use of SetWindowsHookEx
  PID:2152

memory/2152-0-0x0000000010000000-0x00000000104A3000-memory.dmp

Filesize
4.6MB

Download
memory/2152-1-0x0000000010000000-0x00000000104A3000-memory.dmp

Filesize
4.6MB

Download
memory/2152-2-0x0000000010000000-0x00000000104A3000-memory.dmp

Filesize
4.6MB

Download
memory/2152-6-0x0000000010000000-0x00000000104A3000-memory.dmp

Filesize
4.6MB

Download
memory/2152-5-0x0000000000120000-0x0000000000123000-memory.dmp

Filesize
12KB

Download
memory/2152-7-0x0000000010000000-0x00000000104A3000-memory.dmp

Filesize
4.6MB

Download