cf547788662962a89e5571085946495cba3e17d9881374910ada69c9d914fd46

Analysis

max time kernel
115s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
19/10/2022, 21:39

Target

cf547788662962a89e5571085946495cba3e17d9881374910ada69c9d914fd46.dll
Size

820KB
MD5

921e1537c26b4ed529fcb5f28838d696
SHA1

80088390b30002de18c2c5c4df3fadbc497b3ba9
SHA256

cf547788662962a89e5571085946495cba3e17d9881374910ada69c9d914fd46
SHA512

ac94ef0e54f6fc7e9d4f35b16add1e63ef155b27fe604dc5866874fcd76378f99bc09137eb33b964c50fc3756f5927176d3f31c68e9549f711ecb0878ca0c2a7
SSDEEP

12288:v3waoOl7hP8XCyjEcPPJuJvEFQJRMbQID8M2SrnJoaibP:v31yBEiP0JvEFQeQsZibP

Score

1^/10

Suspicious behavior: EnumeratesProcesses 4 IoCs

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2432	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3180 wrote to memory of 2432	3180	rundll32.exe	83
PID 3180 wrote to memory of 2432	3180	rundll32.exe	83
PID 3180 wrote to memory of 2432	3180	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cf547788662962a89e5571085946495cba3e17d9881374910ada69c9d914fd46.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3180
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cf547788662962a89e5571085946495cba3e17d9881374910ada69c9d914fd46.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:2432