3f0dfc46a1d5c20853b30b8d4ecab3a7e85a04c6250761716d9e1743110bdde5

Analysis

max time kernel
145s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
30-10-2022 20:23

Target

3f0dfc46a1d5c20853b30b8d4ecab3a7e85a04c6250761716d9e1743110bdde5.dll
Size

32KB
MD5

57609b84d9aa2937edf66223200bdda2
SHA1

a41f3404d2141c51de253ac32195845ced578021
SHA256

3f0dfc46a1d5c20853b30b8d4ecab3a7e85a04c6250761716d9e1743110bdde5
SHA512

062bf3841231c25c723275fa541d4fbd6efeaf1d74bc5c4522a3ffdfaeb28b9762ff11e01e03ac2f41cc2c9ea763859961b587eaa79f30a90c362ed63dc56893
SSDEEP

768:oofqdJS/bSon6qDQirTu3r/an28q3n+FZ:ooSdJS/WO6mrTu3zan28qX0

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1408	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3404 wrote to memory of 1408	3404	rundll32.exe	81
PID 3404 wrote to memory of 1408	3404	rundll32.exe	81
PID 3404 wrote to memory of 1408	3404	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3f0dfc46a1d5c20853b30b8d4ecab3a7e85a04c6250761716d9e1743110bdde5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3404
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3f0dfc46a1d5c20853b30b8d4ecab3a7e85a04c6250761716d9e1743110bdde5.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1408

memory/1408-132-0x0000000000000000-mapping.dmp

Download
memory/1408-133-0x0000000010110000-0x0000000010124000-memory.dmp

Filesize
80KB

Download