905459880fe7a096ffa80e60f9a51a7c573e01e258b0e10e8589cf6db85ac466

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 01:59

Target

WeChat Lite 2.6.2/message.dll
Size

740KB
MD5

4339fa3d77075d1fd7584a59c48b5efc
SHA1

34e05f32ad1f84f5438812177b8aa07b109d7eec
SHA256

5781fc2d930e7043379bcea99d87d1ad163d0f49708c9839e0919f05d8d88529
SHA512

9004712ef73ec7fcb9721973d46c42fddaa8fec9b41696f795c01ed46bbd4b3635bde568eede5e9282cc4464f3638665347ac71fa17086ec0c3e07e5283ebb8b
SSDEEP

6144:S1n4HBaynv7pTG07uE0+oCLG30vOr4aAEu1k6cQiICsaRhoClYTckNCtjzPm+rAf:S14akjpTG0CE/jOQS6td1CYlC1YX

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

rundll32.exe

pid process

2156 rundll32.exe

pid	process
2156	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1756 wrote to memory of 2156	1756	rundll32.exe	rundll32.exe
PID 1756 wrote to memory of 2156	1756	rundll32.exe	rundll32.exe
PID 1756 wrote to memory of 2156	1756	rundll32.exe	rundll32.exe
PID 1756 wrote to memory of 2156	1756	rundll32.exe	rundll32.exe
PID 1756 wrote to memory of 2156	1756	rundll32.exe	rundll32.exe
PID 1756 wrote to memory of 2156	1756	rundll32.exe	rundll32.exe
PID 1756 wrote to memory of 2156	1756	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\WeChat Lite 2.6.2\message.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1756

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\WeChat Lite 2.6.2\message.dll",#1
2⤵
- Suspicious use of SetWindowsHookEx
PID:2156