5ff9bcc7782ce407905db9c5c96a0d45636b1adb73cc4fd55d3a6b824014ef52

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 03:35

Target

2690d44ea3b19395f3f88f2ef1bdb42c.dll
Size

9KB
MD5

2690d44ea3b19395f3f88f2ef1bdb42c
SHA1

29f707b8bf0159fffd6b75103c9ccfcce0030303
SHA256

5ff9bcc7782ce407905db9c5c96a0d45636b1adb73cc4fd55d3a6b824014ef52
SHA512

9e06d5e45f2abe81cf110a94811861e51b6d6808b96a22bf8c6910da8e7220a79239b300773e0ffa5edf06c6a1be0e68ac0b69dc71f759fa503ebe7c5840cbcb
SSDEEP

96:1apT99PQtSnFKhUY6kvTUbmee3fEW8r2Ctdd1Y4pXmEaflF4TWUe:1aP9It+cJDeQ9ZKWLb4TWUe

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1216	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1344 wrote to memory of 1216	1344	rundll32.exe	28
PID 1344 wrote to memory of 1216	1344	rundll32.exe	28
PID 1344 wrote to memory of 1216	1344	rundll32.exe	28
PID 1344 wrote to memory of 1216	1344	rundll32.exe	28
PID 1344 wrote to memory of 1216	1344	rundll32.exe	28
PID 1344 wrote to memory of 1216	1344	rundll32.exe	28
PID 1344 wrote to memory of 1216	1344	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2690d44ea3b19395f3f88f2ef1bdb42c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1344
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2690d44ea3b19395f3f88f2ef1bdb42c.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1216