6aa7e4b274eae2f32924a8905f3acd9a765513e00d954167534049e7e7bf6ffe

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 03:32

Target

0d11011d8720db81c48d066e8d43799d.dll
Size

716KB
MD5

0d11011d8720db81c48d066e8d43799d
SHA1

7c39bd71323c001464467753847266363f29736a
SHA256

6aa7e4b274eae2f32924a8905f3acd9a765513e00d954167534049e7e7bf6ffe
SHA512

3b1b9912280492b5a78d7fed3050e62bce3ba784bf72eb5e322dbb418fb2357f975e5dfbe03c82a1ff81f5347a0c18e2f98c90c7b8546d718f3d42699046cd8d
SSDEEP

12288:tU9JlcPkn2PoItV2posT8Obb2BsCfe6IwYZ1ItvVEBRv1xXJX6U/7AZZDLeLfv:+JGoZqsnFb2J268avVEBRfX9/76ZDCD

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2996	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3000 wrote to memory of 2996	3000	rundll32.exe	28
PID 3000 wrote to memory of 2996	3000	rundll32.exe	28
PID 3000 wrote to memory of 2996	3000	rundll32.exe	28
PID 3000 wrote to memory of 2996	3000	rundll32.exe	28
PID 3000 wrote to memory of 2996	3000	rundll32.exe	28
PID 3000 wrote to memory of 2996	3000	rundll32.exe	28
PID 3000 wrote to memory of 2996	3000	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0d11011d8720db81c48d066e8d43799d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3000
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0d11011d8720db81c48d066e8d43799d.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2996