9d70c28da232ccb8db68c484eeb197434aba8459c32e720f8e6e0420b4f37461

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2022, 09:38

Target

9d70c28da232ccb8db68c484eeb197434aba8459c32e720f8e6e0420b4f37461.dll
Size

83KB
MD5

334a1393afff29fd56f93d5c7dfd70e1
SHA1

f4c0abee71cc96fad4927d0077c484f876f768ed
SHA256

9d70c28da232ccb8db68c484eeb197434aba8459c32e720f8e6e0420b4f37461
SHA512

c71505a0da36d8e559c9d27dcc7c20da64f769fd7a902749e0f5361a270eec915db76d3962c24d1a9fa661f1e8621dca5ad5588703086934a9b5dd688380a355
SSDEEP

1536:QrRdW2NC2XnSrzhVTiYrj7kAc8JZzmjIRb5ZYgCtTfiB1Kujqrs1ZSadP:QrnWYXSr9VTfvIAcOyjIRHUmEsGsGg

Score

1^/10

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4772	rundll32.exe
4772	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1096 wrote to memory of 4772	1096	rundll32.exe	80
PID 1096 wrote to memory of 4772	1096	rundll32.exe	80
PID 1096 wrote to memory of 4772	1096	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9d70c28da232ccb8db68c484eeb197434aba8459c32e720f8e6e0420b4f37461.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1096
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9d70c28da232ccb8db68c484eeb197434aba8459c32e720f8e6e0420b4f37461.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:4772

memory/4772-133-0x0000000010000000-0x0000000010023000-memory.dmp

Filesize
140KB

Download
memory/4772-134-0x00000000007F0000-0x00000000007F5000-memory.dmp

Filesize
20KB

Download
memory/4772-135-0x0000000010000000-0x0000000010023000-memory.dmp

Filesize
140KB

Download