26844eb853d053098e64e6c89f73099484cd35a192ba9994e77a879e46ce2cc5

Analysis

max time kernel
91s
max time network
107s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
30/10/2022, 19:56

Target

26844eb853d053098e64e6c89f73099484cd35a192ba9994e77a879e46ce2cc5.dll
Size

2.1MB
MD5

100d70c83a15e57c497574b2ae0bf68b
SHA1

9ca788c697214bcf586caddf29b59939fa96d12e
SHA256

26844eb853d053098e64e6c89f73099484cd35a192ba9994e77a879e46ce2cc5
SHA512

7a53a0c15c25c68a4802af67a0df4d4f472332216fc5058e97352d58a9b5a7a2d694c9a343e3ed0d975a059f3ac15c897d0edb4b2e86eb99e818f4d5f4e7cfe0
SSDEEP

49152:V0C4U6odXgEhdLzdHxI5ByzNaHjHZJsH:25U6odXhXdS4z

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2228	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5012 wrote to memory of 2228	5012	rundll32.exe	81
PID 5012 wrote to memory of 2228	5012	rundll32.exe	81
PID 5012 wrote to memory of 2228	5012	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\26844eb853d053098e64e6c89f73099484cd35a192ba9994e77a879e46ce2cc5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5012
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\26844eb853d053098e64e6c89f73099484cd35a192ba9994e77a879e46ce2cc5.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2228