2545967ec4cdeb96228bfc24916513cdd0cf9f1ea51c53a7caed57c2335d8236

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
11/01/2024, 23:58

Target

54eeacee60d8da508227e81cc5d41245.dll
Size

7KB
MD5

54eeacee60d8da508227e81cc5d41245
SHA1

0e486f6b7c83a65f7cf348c604579b57990d444b
SHA256

2545967ec4cdeb96228bfc24916513cdd0cf9f1ea51c53a7caed57c2335d8236
SHA512

6562d8c52f6c9613fa03666e219a3b9a9780691ee168d3dd534ee360900fd77be1e9c2af05d23ef0488b6a77ba51d4772309935e68d9f49fc307a99b5b138c8e
SSDEEP

96:FOTRR9cIqm8622maWtk9GP3gzxub/MuutqWjEXg7pafEogfYPB:MTRQejmak8GP3gtuY7goH7cNgS

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2036	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1904 wrote to memory of 2036	1904	rundll32.exe	28
PID 1904 wrote to memory of 2036	1904	rundll32.exe	28
PID 1904 wrote to memory of 2036	1904	rundll32.exe	28
PID 1904 wrote to memory of 2036	1904	rundll32.exe	28
PID 1904 wrote to memory of 2036	1904	rundll32.exe	28
PID 1904 wrote to memory of 2036	1904	rundll32.exe	28
PID 1904 wrote to memory of 2036	1904	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\54eeacee60d8da508227e81cc5d41245.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1904
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\54eeacee60d8da508227e81cc5d41245.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2036