068ad49eb2b3da038f7bec2004816bed56ec2ec7b7e0b60669bf6733ed6a4753

Analysis

max time kernel
84s
max time network
42s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-12-2023 07:03

Target

0d6e69c54765cb6ca386c1e6f0055955.dll
Size

30KB
MD5

0d6e69c54765cb6ca386c1e6f0055955
SHA1

39e5930471df1384f20ca572e5883052b264190b
SHA256

068ad49eb2b3da038f7bec2004816bed56ec2ec7b7e0b60669bf6733ed6a4753
SHA512

6bb548bab4d95635e6950b01554dd630e8202a1b1e8049d7abaccba7fab37115fa7659a8936de35810a751226c477987c718c88e73f2cf8dbaa19d5dc52d335f
SSDEEP

384:U2tXXA9hq92y1LUWlXFdikqo/+M+US3Y9CyZyqst5yOZ1EKPVFMzX0kCnYPLxeME:UaQhqMOlXGkWMhS3Ysy4qsAOZhdFOCX

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2608	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2632 wrote to memory of 2608	2632	rundll32.exe	29
PID 2632 wrote to memory of 2608	2632	rundll32.exe	29
PID 2632 wrote to memory of 2608	2632	rundll32.exe	29
PID 2632 wrote to memory of 2608	2632	rundll32.exe	29
PID 2632 wrote to memory of 2608	2632	rundll32.exe	29
PID 2632 wrote to memory of 2608	2632	rundll32.exe	29
PID 2632 wrote to memory of 2608	2632	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0d6e69c54765cb6ca386c1e6f0055955.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2632
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0d6e69c54765cb6ca386c1e6f0055955.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2608