e8d9ebb11d6f74342355619fa44e16f0289acd62187e934a1ed110c8e0600bc9

Analysis

max time kernel
121s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 00:24

Target

1cb0d2947f1092eefd03996843ee77fc.dll
Size

26KB
MD5

1cb0d2947f1092eefd03996843ee77fc
SHA1

133a461097e5580c969a6a4d35c60f8511f64785
SHA256

e8d9ebb11d6f74342355619fa44e16f0289acd62187e934a1ed110c8e0600bc9
SHA512

f15007d02d48b39a1c3946a4b67addbf72e99073789fe8fc404de27fe18e9faaaa9359e22d68b7beddf63b5c5d22b2e5b74b84dfcf72b1a2873b9a0788fbacf5
SSDEEP

384:sG2yCZdUw2/tgbcEXRSbuj1PM0VfdaO4ELG22ceeDvul3ZQ:sG51w2FNq1PM0VVaELxJWlJQ

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2900	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1152 wrote to memory of 2900	1152	rundll32.exe	28
PID 1152 wrote to memory of 2900	1152	rundll32.exe	28
PID 1152 wrote to memory of 2900	1152	rundll32.exe	28
PID 1152 wrote to memory of 2900	1152	rundll32.exe	28
PID 1152 wrote to memory of 2900	1152	rundll32.exe	28
PID 1152 wrote to memory of 2900	1152	rundll32.exe	28
PID 1152 wrote to memory of 2900	1152	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1cb0d2947f1092eefd03996843ee77fc.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1152
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1cb0d2947f1092eefd03996843ee77fc.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2900