742d8af96ca1dcf14896d5d92e6332a201157a69973642e985b24608a540bc91

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24-12-2023 23:45

Target

1a922bf95701b74967093b125471a982.dll
Size

572KB
MD5

1a922bf95701b74967093b125471a982
SHA1

3bd54e13d231aa176350643f5fb1e94ced2e1337
SHA256

742d8af96ca1dcf14896d5d92e6332a201157a69973642e985b24608a540bc91
SHA512

ef79e0c169985979de09bf2f381a7bde8601e5f61a768c1158ebab5877be39c4e430d76487a2f4c672f1e5486b5623dc16732b67e707f9d35251a5cbb615dd9c
SSDEEP

12288:0THXLqDT7oCktsvv6B7mASR4WAl+PzCTVskbxZCFJ2h:2LsU5svSB7xW8mkbxIFJ6

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3068	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2012 wrote to memory of 3068	2012	rundll32.exe	16
PID 2012 wrote to memory of 3068	2012	rundll32.exe	16
PID 2012 wrote to memory of 3068	2012	rundll32.exe	16
PID 2012 wrote to memory of 3068	2012	rundll32.exe	16
PID 2012 wrote to memory of 3068	2012	rundll32.exe	16
PID 2012 wrote to memory of 3068	2012	rundll32.exe	16
PID 2012 wrote to memory of 3068	2012	rundll32.exe	16

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1a922bf95701b74967093b125471a982.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2012
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1a922bf95701b74967093b125471a982.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:3068