9fa62c3ddaf2dd59c3aa8d08f0bdfc0190ccabb00b26c71188f2490b00ad5c8e

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
18-01-2024 01:31

Target

9fa62c3ddaf2dd59c3aa8d08f0bdfc0190ccabb00b26c71188f2490b00ad5c8e.dll
Size

4.8MB
MD5

7eb275addd35f73c0ac59793eaf09e8e
SHA1

abcd4216c69d019830e08a0a5b4a802668924799
SHA256

9fa62c3ddaf2dd59c3aa8d08f0bdfc0190ccabb00b26c71188f2490b00ad5c8e
SHA512

bf30da6127e6e585e28c0e26a42f3bed00a6de92c73ae83c11b950cbc9fb1aecae180bf49ed7b0f8fa1ddcf40ab551ec030ca095de1f27ac908fd76f91fd25b1
SSDEEP

98304:gBjdYwQzfPIhmw3D68gHz20wzXKYgTpocuuzu4C6Pb:Q1QzfAIw3D68gHz20wzXKYgTpocuuzuo

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2112	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1216 wrote to memory of 2112	1216	rundll32.exe	28
PID 1216 wrote to memory of 2112	1216	rundll32.exe	28
PID 1216 wrote to memory of 2112	1216	rundll32.exe	28
PID 1216 wrote to memory of 2112	1216	rundll32.exe	28
PID 1216 wrote to memory of 2112	1216	rundll32.exe	28
PID 1216 wrote to memory of 2112	1216	rundll32.exe	28
PID 1216 wrote to memory of 2112	1216	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9fa62c3ddaf2dd59c3aa8d08f0bdfc0190ccabb00b26c71188f2490b00ad5c8e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1216
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9fa62c3ddaf2dd59c3aa8d08f0bdfc0190ccabb00b26c71188f2490b00ad5c8e.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2112