f4c6564a70468a692eb5bb4914467df8c224772ac9eb094adddc9f84bc60ccba

Analysis

max time kernel
120s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
18/04/2024, 15:31

Target

f4c6564a70468a692eb5bb4914467df8c224772ac9eb094adddc9f84bc60ccba.dll
Size

1.7MB
MD5

56dbe8b9a7bbefb4edec25ed3d75a46c
SHA1

99590b4bbab609f8bd54d6471d80872676794fda
SHA256

f4c6564a70468a692eb5bb4914467df8c224772ac9eb094adddc9f84bc60ccba
SHA512

60a3927c0081ac0d6402b975c6b0a70462aeba0557ab3aa4db2e1850e0ac803e89f9376c6ccc665246049f6ab0c7cea6655da93b77c100672f944f177eaa5b44
SSDEEP

49152:7IGWR2DvENnNGZItosbs9Dqb2lMppTJa2geEqSS:7i2T8NkItBbsZqbIepTJZgeEq

Score

1^/10

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2408	rundll32.exe
2408	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2040 wrote to memory of 2408	2040	rundll32.exe	28
PID 2040 wrote to memory of 2408	2040	rundll32.exe	28
PID 2040 wrote to memory of 2408	2040	rundll32.exe	28
PID 2040 wrote to memory of 2408	2040	rundll32.exe	28
PID 2040 wrote to memory of 2408	2040	rundll32.exe	28
PID 2040 wrote to memory of 2408	2040	rundll32.exe	28
PID 2040 wrote to memory of 2408	2040	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f4c6564a70468a692eb5bb4914467df8c224772ac9eb094adddc9f84bc60ccba.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2040
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f4c6564a70468a692eb5bb4914467df8c224772ac9eb094adddc9f84bc60ccba.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2408