ca93ed5c5368612cbd8426766e20dd956be71b482a1473fc64d0685352acc2d7

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2022, 14:08

Target

ca93ed5c5368612cbd8426766e20dd956be71b482a1473fc64d0685352acc2d7.dll
Size

90KB
MD5

9d417a2ff7554249b3fecf105b52f99d
SHA1

f7e6dd6f02d475053859a02313d6dd628c9dabde
SHA256

ca93ed5c5368612cbd8426766e20dd956be71b482a1473fc64d0685352acc2d7
SHA512

a4655736e60db697b79f4f5c6a41ab2814bc7bcba3f2aea88b55ce430343f2a312be9e8b803666db29d526eec80d3c3ce98c34d1504b3aa107379f11056f9e2e
SSDEEP

1536:GSfH9WGfLV5Pb8MYqoQ1pbuRJeSak5xnXa/Wljk/aLkvMZn9:GGH9hVRbvYqowo+kbawVYMZn9

Score

1^/10

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2988	rundll32.exe
2988	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4308 wrote to memory of 2988	4308	rundll32.exe	79
PID 4308 wrote to memory of 2988	4308	rundll32.exe	79
PID 4308 wrote to memory of 2988	4308	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ca93ed5c5368612cbd8426766e20dd956be71b482a1473fc64d0685352acc2d7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4308
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ca93ed5c5368612cbd8426766e20dd956be71b482a1473fc64d0685352acc2d7.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2988

memory/2988-133-0x0000000010000000-0x0000000010040000-memory.dmp

Filesize
256KB

Download
memory/2988-134-0x0000000010000000-0x0000000010040000-memory.dmp

Filesize
256KB

Download