62acda9964bf244d0901c24f4d8f4f4f32839f750303dcbcfe34c74f50113408

Analysis

max time kernel
118s
max time network
130s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19/03/2024, 09:48

Target

d5cf1f8f7fa8f438be37ab5e6df8fc73.dll
Size

25KB
MD5

d5cf1f8f7fa8f438be37ab5e6df8fc73
SHA1

3eef243975e2442a7189bf571c9b582f2d6fc9b9
SHA256

62acda9964bf244d0901c24f4d8f4f4f32839f750303dcbcfe34c74f50113408
SHA512

1e12991d1c4e39c3a3790d808ca03980c9261b8ae3f0bee1ea2454b615d5884b8de9353ff2b4ef7174f24dc7dfecf6129c9f9f065fa34d589de0f2adee195521
SSDEEP

384:6yuZ7vb5rz442OLhriG3D4TwEsQDyNq7W9qlltv0luW3WzWwZHaMXhi:gZ79M42ORiCUTwFQDyNqdloluWGywZzc

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2968	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1488 wrote to memory of 2968	1488	rundll32.exe	28
PID 1488 wrote to memory of 2968	1488	rundll32.exe	28
PID 1488 wrote to memory of 2968	1488	rundll32.exe	28
PID 1488 wrote to memory of 2968	1488	rundll32.exe	28
PID 1488 wrote to memory of 2968	1488	rundll32.exe	28
PID 1488 wrote to memory of 2968	1488	rundll32.exe	28
PID 1488 wrote to memory of 2968	1488	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d5cf1f8f7fa8f438be37ab5e6df8fc73.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1488
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d5cf1f8f7fa8f438be37ab5e6df8fc73.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2968