55c327c7e7c4be6d591461ec09b66e37f29f2f350c74193f187b431959812516

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26-12-2023 12:47

Target

6fa0b64eef1a36c187096ad5e11b5b18.dll
Size

892KB
MD5

6fa0b64eef1a36c187096ad5e11b5b18
SHA1

90db8a6f43372b48fc0098781dfeefec92726dd8
SHA256

55c327c7e7c4be6d591461ec09b66e37f29f2f350c74193f187b431959812516
SHA512

10fc01c94f20a9205ad0f04ccd929ea0ed47b1e9375297ad4e45c68911e4cfbc98751ce8a4e04b977f2c929b5c3adde85bbf864a6752f1834dd1da2634fc8a95
SSDEEP

12288:ZefXHjocM6tSg46NRrVlmC26ynJrtMNV3GpJwh/RVhC:Zef3FuglR5lmC2TnVCkJuRVk

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2224	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1664 wrote to memory of 2224	1664	rundll32.exe	28
PID 1664 wrote to memory of 2224	1664	rundll32.exe	28
PID 1664 wrote to memory of 2224	1664	rundll32.exe	28
PID 1664 wrote to memory of 2224	1664	rundll32.exe	28
PID 1664 wrote to memory of 2224	1664	rundll32.exe	28
PID 1664 wrote to memory of 2224	1664	rundll32.exe	28
PID 1664 wrote to memory of 2224	1664	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6fa0b64eef1a36c187096ad5e11b5b18.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1664
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6fa0b64eef1a36c187096ad5e11b5b18.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2224