3f80e2c7fa84810e42679807e7e9e819db4be3b4e4b19a5dd167dc9ca4a030f9

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
01/01/2024, 11:38

Target

3f80e2c7fa84810e42679807e7e9e819db4be3b4e4b19a5dd167dc9ca4a030f9.dll
Size

772KB
MD5

645117fb7f437b7ab112f8817bf3a0f0
SHA1

d5e7b29611d50b1fc9baf50bde1d9d33a5f76ba0
SHA256

3f80e2c7fa84810e42679807e7e9e819db4be3b4e4b19a5dd167dc9ca4a030f9
SHA512

7b36492f8ed92335248b1b16979aa25e58cf5d6edc9e0f320159de6b8f76e41113e63c535b65b8e5c605855b3a01dec275c7c2e74fe0470acf2b450871888738
SSDEEP

6144:9XAd7s08Ksa2fMZ0WvoiCszRDCbtupNB/ohuPMAqobBssxOoZHhJxjQtJ0CPpdAJ:9XI7zz92fMZ0t4zpt0ADjHhJ987pTC

Score

1^/10

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2140	rundll32.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2140	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1992 wrote to memory of 2140	1992	rundll32.exe	16
PID 1992 wrote to memory of 2140	1992	rundll32.exe	16
PID 1992 wrote to memory of 2140	1992	rundll32.exe	16
PID 1992 wrote to memory of 2140	1992	rundll32.exe	16
PID 1992 wrote to memory of 2140	1992	rundll32.exe	16
PID 1992 wrote to memory of 2140	1992	rundll32.exe	16
PID 1992 wrote to memory of 2140	1992	rundll32.exe	16

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3f80e2c7fa84810e42679807e7e9e819db4be3b4e4b19a5dd167dc9ca4a030f9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1992
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3f80e2c7fa84810e42679807e7e9e819db4be3b4e4b19a5dd167dc9ca4a030f9.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:2140