cedd7c680ac2da3e3628ceed71d676d612eea25ac86965bbab5cd2411940c028

Analysis

max time kernel
147s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 11:09

Target

cedd7c680ac2da3e3628ceed71d676d612eea25ac86965bbab5cd2411940c028.dll
Size

41KB
MD5

b37e26bb5f7369e85770b153d22cf593
SHA1

dd3286c8838c4000674c066b254304ca241557b7
SHA256

cedd7c680ac2da3e3628ceed71d676d612eea25ac86965bbab5cd2411940c028
SHA512

8758f931e9377a649d3375cd49110f7081993a167d79b0f37d9c1c57941f5a587cf89b0ef3e7dacb834795ddbc3faaae0d2c3719c5c7bda92feb39cf2d4ef3c8
SSDEEP

768:txjgMLSjLNe/qB46qsm6mSn8uaOuaFqA3v45xWbLQgMWAOBXv3uhNn:Xjg4gNepum6jRbIv5xCQgMGB+x

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

rundll32.exe

pid process

2604 rundll32.exe

pid	process
2604	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4636 wrote to memory of 2604	4636	rundll32.exe	rundll32.exe
PID 4636 wrote to memory of 2604	4636	rundll32.exe	rundll32.exe
PID 4636 wrote to memory of 2604	4636	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cedd7c680ac2da3e3628ceed71d676d612eea25ac86965bbab5cd2411940c028.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4636

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cedd7c680ac2da3e3628ceed71d676d612eea25ac86965bbab5cd2411940c028.dll,#1
2⤵
- Suspicious use of SetWindowsHookEx
PID:2604

memory/2604-132-0x0000000000000000-mapping.dmp

Download
memory/2604-133-0x0000000000FF0000-0x0000000000FF8000-memory.dmp

Filesize
32KB

Download
memory/2604-134-0x0000000001390000-0x000000000139F000-memory.dmp

Filesize
60KB

Download
memory/2604-135-0x00000000013B0000-0x00000000013B8000-memory.dmp

Filesize
32KB

Download