86f8f8b0208391fff437a676a2785a304eb2dcb4d4e792caceb38188c9f23480

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 12:57

Target

704708491038f0446cbd5cb83d87dbe6.dll
Size

66KB
MD5

704708491038f0446cbd5cb83d87dbe6
SHA1

26bfa044c030051c3662ca70faf1c171c6169e5a
SHA256

86f8f8b0208391fff437a676a2785a304eb2dcb4d4e792caceb38188c9f23480
SHA512

f6bd6fb8ea22c2545d4d9075f1ac148f9b0fbd891d02eb3f6012ab82b6d998093fa2eb8659fce96197067be763011cc52e6875dc50bac0a94e9bd9df761e9386
SSDEEP

1536:iv0VDKj+49DZovcvffMdaUE1ViNmQ+Uw95qGj7SVO4tP:S0VN4hZPnMA7EllwD1qO4tP

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2964	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1716 wrote to memory of 2964	1716	rundll32.exe	13
PID 1716 wrote to memory of 2964	1716	rundll32.exe	13
PID 1716 wrote to memory of 2964	1716	rundll32.exe	13
PID 1716 wrote to memory of 2964	1716	rundll32.exe	13
PID 1716 wrote to memory of 2964	1716	rundll32.exe	13
PID 1716 wrote to memory of 2964	1716	rundll32.exe	13
PID 1716 wrote to memory of 2964	1716	rundll32.exe	13

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\704708491038f0446cbd5cb83d87dbe6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1716
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\704708491038f0446cbd5cb83d87dbe6.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2964

memory/2964-2-0x0000000010000000-0x000000001001E000-memory.dmp

Filesize
120KB

Download
memory/2964-1-0x0000000000250000-0x00000000002DD000-memory.dmp

Filesize
564KB

Download
memory/2964-0-0x0000000010000000-0x000000001001E000-memory.dmp

Filesize
120KB

Download
memory/2964-3-0x0000000010000000-0x000000001001E000-memory.dmp

Filesize
120KB

Download