ff31fc1cbcfb9b8419df83dd77a3cde29071b3e5873025769e8ed2476d0f2c87

Analysis

max time kernel
119s
max time network
146s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 21:39 UTC

Target

SkinH.dll
Size

95KB
MD5

8c00426ffcb551ba07904d9a67843bb4
SHA1

0c1daffaf62497cfa121320b386024a1c18b9be9
SHA256

2c1186029848788fe6fb2ab7cc2a1b9263a872e477344a3483e13ab89604e16c
SHA512

c235ef09f2b96142e062b87df76906c224e7256baabdc0c68d89b52b8603e0d16e6c6c5f98f3fb1fadef5fa117d516ee5ca4e7ecb2a47ecf752db56bd28f732a
SSDEEP

1536:wcK3pX5tPqSI3Hu5FTdQsQrYQRZLHiRdZ2Y+yt7ffSN6kLoy8QPjR87yVJFQsF8h:wcK31I3ApQ9rYQvHedmyVfSN6k78QP5q

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1408	2744	WerFault.exe	28

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2744	rundll32.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2356 wrote to memory of 2744	2356	rundll32.exe	28
PID 2356 wrote to memory of 2744	2356	rundll32.exe	28
PID 2356 wrote to memory of 2744	2356	rundll32.exe	28
PID 2356 wrote to memory of 2744	2356	rundll32.exe	28
PID 2356 wrote to memory of 2744	2356	rundll32.exe	28
PID 2356 wrote to memory of 2744	2356	rundll32.exe	28
PID 2356 wrote to memory of 2744	2356	rundll32.exe	28
PID 2744 wrote to memory of 1408	2744	rundll32.exe	29
PID 2744 wrote to memory of 1408	2744	rundll32.exe	29
PID 2744 wrote to memory of 1408	2744	rundll32.exe	29
PID 2744 wrote to memory of 1408	2744	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\SkinH.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2356
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\SkinH.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2744
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 252
    3⤵
    - Program crash
    PID:1408

memory/2744-0-0x0000000010000000-0x0000000010054000-memory.dmp

Filesize
336KB

Download
memory/2744-1-0x0000000010000000-0x0000000010054000-memory.dmp

Filesize
336KB

Download
memory/2744-2-0x0000000010000000-0x0000000010054000-memory.dmp

Filesize
336KB

Download
memory/2744-3-0x0000000010000000-0x0000000010054000-memory.dmp

Filesize
336KB

Download