03ba7ea3ecfb6bd317098ba4b6a7a4fea52253f0318f2f51b2a54c4af5679b24

Analysis

max time kernel
13s
max time network
18s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
11/07/2024, 02:39

Target

CoralQQLite.dll
Size

88KB
MD5

eb60f7e63bf8bf58986ae7809d65a03f
SHA1

045c045673b972de718abb51e80e2b86f7773d13
SHA256

b8d5e2689abf2d5c60fea61038e785d50434eb6bed7aa46b7e6b7837bf19060d
SHA512

2301b850bc3c71336ea6433479cad8a136162ee1b2daeb0a6e86b0a9e54c82ccb607f4588b8468789fa1e00c1452207b1489f1477244ae912dbf47d9d38a56c5
SSDEEP

1536:bi+imcQZx/8b9ULguSXaJmfZiH+2G3zvxJv1Yn7TnAM9coxUYb7:bi+iU7Ub90WYyUHkLKnfAMpxUYb

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1052	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1360 wrote to memory of 1052	1360	rundll32.exe	29
PID 1360 wrote to memory of 1052	1360	rundll32.exe	29
PID 1360 wrote to memory of 1052	1360	rundll32.exe	29
PID 1360 wrote to memory of 1052	1360	rundll32.exe	29
PID 1360 wrote to memory of 1052	1360	rundll32.exe	29
PID 1360 wrote to memory of 1052	1360	rundll32.exe	29
PID 1360 wrote to memory of 1052	1360	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\CoralQQLite.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1360
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\CoralQQLite.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1052

memory/1052-1-0x0000000010000000-0x0000000010027000-memory.dmp

Filesize
156KB

Download
memory/1052-0-0x0000000010000000-0x0000000010027000-memory.dmp

Filesize
156KB

Download
memory/1052-2-0x0000000010000000-0x0000000010027000-memory.dmp

Filesize
156KB

Download
memory/1052-3-0x0000000010024000-0x0000000010025000-memory.dmp

Filesize
4KB

Download
memory/1052-4-0x0000000010000000-0x0000000010027000-memory.dmp

Filesize
156KB

Download