07b81d9400342c209f6b18a7428dfb7b322217267b200b85a22a52c45fe2156d

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
28/11/2023, 02:58

Target

07b81d9400342c209f6b18a7428dfb7b322217267b200b85a22a52c45fe2156d.dll
Size

3.6MB
MD5

e45ba83ffc1fd5f69292572df8f28dce
SHA1

006d7cfaac75504c2cd3f2949ad0d88d3513d969
SHA256

07b81d9400342c209f6b18a7428dfb7b322217267b200b85a22a52c45fe2156d
SHA512

a6c250bd907f5a7227738857c4a1dadb64eb1faff030a2a888fbaf585a4e7e865b846c9051a02fdf778717f611b4846f7ab951ce698fb3946417ea79b70eaf4e
SSDEEP

49152:Jt7eNnupTRbEblqASLMMx49jnUVj4d4n7rAtWX8UmKwc0eW5DO9Dyfk1N4F22a:fsnuplbJx4mVU2n7Mg8UmJculGDAkfa

Score

1^/10

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1868	rundll32.exe

Suspicious use of SetWindowsHookEx 39 IoCs

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1692 wrote to memory of 1868	1692	rundll32.exe	28
PID 1692 wrote to memory of 1868	1692	rundll32.exe	28
PID 1692 wrote to memory of 1868	1692	rundll32.exe	28
PID 1692 wrote to memory of 1868	1692	rundll32.exe	28
PID 1692 wrote to memory of 1868	1692	rundll32.exe	28
PID 1692 wrote to memory of 1868	1692	rundll32.exe	28
PID 1692 wrote to memory of 1868	1692	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\07b81d9400342c209f6b18a7428dfb7b322217267b200b85a22a52c45fe2156d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1692
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\07b81d9400342c209f6b18a7428dfb7b322217267b200b85a22a52c45fe2156d.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:1868

memory/1868-0-0x0000000002A40000-0x0000000002C9B000-memory.dmp

Filesize
2.4MB

Download
memory/1868-6-0x0000000000160000-0x0000000000161000-memory.dmp

Filesize
4KB

Download