abc188e73bc0c6c9f955e3e8924550e412c5e02877ad2938a252d87bdb012137

Analysis

max time kernel
178s
max time network
181s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29-10-2022 20:13

Target

abc188e73bc0c6c9f955e3e8924550e412c5e02877ad2938a252d87bdb012137.dll
Size

30KB
MD5

83a2cace740c055e16c0c28a5744a7e8
SHA1

8a477e1b7215ebde37d13a43f7c30e7a4e6b336e
SHA256

abc188e73bc0c6c9f955e3e8924550e412c5e02877ad2938a252d87bdb012137
SHA512

f1156c46f5217658dcfebe73e9cd74c674e6aeda23ceea532dfa66bee4a93eaa3c076f9bd96b475678d08f6706c10eadd4223766ed82b726d3ca7c7f5d6f31fb
SSDEEP

384:z9OQ24bluDAq3m6j6yq/8H5v2XIgtwh+oYcWS1hKdvGIuIIA76UGy:5F4DV+/8H5OXBcUfL4Imord

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4896	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4880 wrote to memory of 4896	4880	rundll32.exe	81
PID 4880 wrote to memory of 4896	4880	rundll32.exe	81
PID 4880 wrote to memory of 4896	4880	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\abc188e73bc0c6c9f955e3e8924550e412c5e02877ad2938a252d87bdb012137.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4880
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\abc188e73bc0c6c9f955e3e8924550e412c5e02877ad2938a252d87bdb012137.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:4896