3e1a4475b40b5694f853c82051cc03b4b6fd84d14b71f519ffdfc10c451dd8c6

Analysis

max time kernel
96s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
11-10-2022 07:58

Target

3e1a4475b40b5694f853c82051cc03b4b6fd84d14b71f519ffdfc10c451dd8c6.dll
Size

82KB
MD5

6fedcb9f69ac2298d30b5d2787bbfc08
SHA1

3cfd4cb6a01d31c2963212070e7345da1e960700
SHA256

3e1a4475b40b5694f853c82051cc03b4b6fd84d14b71f519ffdfc10c451dd8c6
SHA512

52460f18dc693f2f89789b60e8333b570e5ebbe6f69001408fc9c5259d736a3e11e0866771fbed79f30729caa3cc57a16cb2599dedabbfe9ebd11656a4736c85
SSDEEP

1536:JgJOLD+pqAVzoP9QmdvJ6CpGLnm1L7nlu8aaKIvxutEt7pWVAnsQeC:JhDb+MFDJHp+m1tu8aan5tpF

Score

1^/10

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1332	rundll32.exe
1332	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1128 wrote to memory of 1332	1128	rundll32.exe	83
PID 1128 wrote to memory of 1332	1128	rundll32.exe	83
PID 1128 wrote to memory of 1332	1128	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3e1a4475b40b5694f853c82051cc03b4b6fd84d14b71f519ffdfc10c451dd8c6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1128
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3e1a4475b40b5694f853c82051cc03b4b6fd84d14b71f519ffdfc10c451dd8c6.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1332

memory/1332-132-0x0000000000000000-mapping.dmp

Download
memory/1332-133-0x0000000010000000-0x0000000010027000-memory.dmp

Filesize
156KB

Download
memory/1332-134-0x0000000010000000-0x0000000010027000-memory.dmp

Filesize
156KB

Download