22cda0ab9267828694f069a68f88caf8a72e8b516e519c0758b1502d9345d884

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
09/07/2024, 01:36

Target

键盘记录器7.1 华军版/键盘记录器7.1 华军版/keyboardhook.dll
Size

48KB
MD5

718b0d4ceb3a318c1406dcccdf392473
SHA1

657920b021c2a7ed06fc5e71e89e61b792ce5dc0
SHA256

de4207b3a560b4e6a7ee7c8117ad01cddc5c596ae3bcbb70eafa1a11c0cbd38e
SHA512

5d79e1fd1c7d78be87ddabcaf71f1a96f8da12c18ce8ec0b80f1af8d4ef01a0d89cc2ab69b6eb2db42d205d690c406806135f89d1dc7d4f32d82ba831a8cfa16
SSDEEP

384:JMi8ezQ71VeTlxFoA6xVRTtcpjm/7KHF0srY3VyYYDzgJ47uL+cA/8oOgLZ/:+zb2TlxFL6xGpjm/EyV0DzgJ473/8o

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2608 wrote to memory of 2812	2608	rundll32.exe	31
PID 2608 wrote to memory of 2812	2608	rundll32.exe	31
PID 2608 wrote to memory of 2812	2608	rundll32.exe	31
PID 2608 wrote to memory of 2812	2608	rundll32.exe	31
PID 2608 wrote to memory of 2812	2608	rundll32.exe	31
PID 2608 wrote to memory of 2812	2608	rundll32.exe	31
PID 2608 wrote to memory of 2812	2608	rundll32.exe	31

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\键盘记录器7.1 华军版\键盘记录器7.1 华军版\keyboardhook.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2608
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\键盘记录器7.1 华军版\键盘记录器7.1 华军版\keyboardhook.dll",#1
  2⤵
  PID:2812