770c851812c2412815568e027c7b37cd2d912f70610e0ee805cf86d6d6f6f49f

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
14/11/2023, 08:50

Target

770c851812c2412815568e027c7b37cd2d912f70610e0ee805cf86d6d6f6f49f.dll
Size

855KB
MD5

ede403a704e2b1db333364729e6c7e7f
SHA1

41307228ca980030f57090e9492361ce000e09b6
SHA256

770c851812c2412815568e027c7b37cd2d912f70610e0ee805cf86d6d6f6f49f
SHA512

98284049fa1d9605b0f53ea1f83990473de6ee7eb4434cac4ff5f3f935ccf72d8e26c597c6ec6124af462cf8bda084f5fed32e273e7bad2b25dd4c1fc66135a3
SSDEEP

24576:KdrI2XaONCmvC0p1BjqM9ksEMMhb+aJ+EQhUZNkVZG:KdrI2/NPRdysXNuN7k

Score

8^/10

Blocklisted process makes network request 1 IoCs

flow	pid	Process
3	1888	rundll32.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1888	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2164 wrote to memory of 1888	2164	rundll32.exe	28
PID 2164 wrote to memory of 1888	2164	rundll32.exe	28
PID 2164 wrote to memory of 1888	2164	rundll32.exe	28
PID 2164 wrote to memory of 1888	2164	rundll32.exe	28
PID 2164 wrote to memory of 1888	2164	rundll32.exe	28
PID 2164 wrote to memory of 1888	2164	rundll32.exe	28
PID 2164 wrote to memory of 1888	2164	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\770c851812c2412815568e027c7b37cd2d912f70610e0ee805cf86d6d6f6f49f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2164
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\770c851812c2412815568e027c7b37cd2d912f70610e0ee805cf86d6d6f6f49f.dll,#1
  2⤵
  - Blocklisted process makes network request
  - Suspicious use of SetWindowsHookEx
  PID:1888

memory/1888-0-0x0000000010000000-0x0000000010329000-memory.dmp

Filesize
3.2MB

Download
memory/1888-1-0x0000000010000000-0x0000000010329000-memory.dmp

Filesize
3.2MB

Download
memory/1888-2-0x0000000010000000-0x0000000010329000-memory.dmp

Filesize
3.2MB

Download
memory/1888-3-0x0000000000160000-0x0000000000163000-memory.dmp

Filesize
12KB

Download
memory/1888-4-0x0000000010000000-0x0000000010329000-memory.dmp

Filesize
3.2MB

Download