31eb6884cb949ad34239706499cf887cd07b09963406e3b4a96225f03a71b5c3

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
27-05-2024 14:21

Target

31eb6884cb949ad34239706499cf887cd07b09963406e3b4a96225f03a71b5c3.dll
Size

1.6MB
MD5

4b91199098a663ee68729cc6091a2e5b
SHA1

fe204c8779d71a6335c162430a9e7e6992a6917b
SHA256

31eb6884cb949ad34239706499cf887cd07b09963406e3b4a96225f03a71b5c3
SHA512

7a68e71db4f018ba12ef6232a2856ef33d9c35ec36feec73bfef0b4f1cb97b49718fcc69bdaee9ba70f81f450b10ffe944f1995985acdf3f088a4925945f3ca2
SSDEEP

24576:p0Z/2bvWFDyJvkMezrAP3Sizlh5ocfFA8KPfFtgfMWob:pqDyTezk/pzFnqfzgUWob

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2740	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1260 wrote to memory of 2740	1260	rundll32.exe	28
PID 1260 wrote to memory of 2740	1260	rundll32.exe	28
PID 1260 wrote to memory of 2740	1260	rundll32.exe	28
PID 1260 wrote to memory of 2740	1260	rundll32.exe	28
PID 1260 wrote to memory of 2740	1260	rundll32.exe	28
PID 1260 wrote to memory of 2740	1260	rundll32.exe	28
PID 1260 wrote to memory of 2740	1260	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\31eb6884cb949ad34239706499cf887cd07b09963406e3b4a96225f03a71b5c3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1260
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\31eb6884cb949ad34239706499cf887cd07b09963406e3b4a96225f03a71b5c3.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2740