36d9add33cd6218ca6aec816d87923282e9c12a617d4bf06a634741a3688dc7f

Analysis

max time kernel
141s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2022, 16:29

Target

36d9add33cd6218ca6aec816d87923282e9c12a617d4bf06a634741a3688dc7f.dll
Size

95KB
MD5

394f058b22102bef92b6b30ca1f3c4ff
SHA1

0ef7d77330238a9856d40e613e767b574a00c626
SHA256

36d9add33cd6218ca6aec816d87923282e9c12a617d4bf06a634741a3688dc7f
SHA512

b5b45d377d9c4e4177e261ed8eee3efce2fdc46ba4dcf09de3b14293defd8c9360320c75f3633c9385aa634ff598a13f5a6e77565f963691966ef9c6632cdc58
SSDEEP

1536:Vr904Qj6QcxkPmYRLulcaUDJ7tIFp2Jx42RbXNzlDY42A2QBxAyB/GSRQ:Vr9H++YDaUl7tC2D4UbXNzV9n3/GSRQ

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1744	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2108 wrote to memory of 1744	2108	rundll32.exe	80
PID 2108 wrote to memory of 1744	2108	rundll32.exe	80
PID 2108 wrote to memory of 1744	2108	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\36d9add33cd6218ca6aec816d87923282e9c12a617d4bf06a634741a3688dc7f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2108
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\36d9add33cd6218ca6aec816d87923282e9c12a617d4bf06a634741a3688dc7f.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1744

memory/1744-133-0x0000000010000000-0x0000000010023000-memory.dmp

Filesize
140KB

Download
memory/1744-134-0x0000000000820000-0x0000000000832000-memory.dmp

Filesize
72KB

Download
memory/1744-135-0x0000000010000000-0x0000000010023000-memory.dmp

Filesize
140KB

Download