c64bcc3d53c0ba62fab4be570e54323e4c2453abaaa5412fc96fcf65412115f8

Analysis

max time kernel
118s
max time network
130s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
10-01-2024 11:57

Target

507f1647670f3d454a33ff1d6554a48e.dll
Size

204KB
MD5

507f1647670f3d454a33ff1d6554a48e
SHA1

c0d66bf2c90687e08da9f1fa71abfecbf36501d5
SHA256

c64bcc3d53c0ba62fab4be570e54323e4c2453abaaa5412fc96fcf65412115f8
SHA512

5afa03d76d3a719e0f57b0310e015e3c99f13e2f8e5a97f7d43eafd1e1ede4d1ce186444522d2219825b2e7199722204efb3d7434202128af03ca0e42ebb6733
SSDEEP

3072:6zdHS/h44HWy7pAn96VOPR/DHOjqciTn97VHmgGN7saG40jbtxZjr:rQopAIqDOjqciB7VGwzN

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2012	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1880 wrote to memory of 2012	1880	rundll32.exe	27
PID 1880 wrote to memory of 2012	1880	rundll32.exe	27
PID 1880 wrote to memory of 2012	1880	rundll32.exe	27
PID 1880 wrote to memory of 2012	1880	rundll32.exe	27
PID 1880 wrote to memory of 2012	1880	rundll32.exe	27
PID 1880 wrote to memory of 2012	1880	rundll32.exe	27
PID 1880 wrote to memory of 2012	1880	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\507f1647670f3d454a33ff1d6554a48e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1880
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\507f1647670f3d454a33ff1d6554a48e.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2012

memory/2012-10-0x0000000075B00000-0x0000000075C10000-memory.dmp

Filesize
1.1MB

Download
memory/2012-11-0x0000000000450000-0x0000000000460000-memory.dmp

Filesize
64KB

Download
memory/2012-12-0x0000000075B00000-0x0000000075C10000-memory.dmp

Filesize
1.1MB

Download
memory/2012-13-0x0000000075B00000-0x0000000075C10000-memory.dmp

Filesize
1.1MB

Download