7134cfa86b96607fba3e5d395338dc8e86d5c58d78ba39c9128d71cfb934acd6

Analysis

max time kernel
151s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 11:09

Target

7134cfa86b96607fba3e5d395338dc8e86d5c58d78ba39c9128d71cfb934acd6.dll
Size

54KB
MD5

a21026ad397757eb511a47e14d333fce
SHA1

189de50e076a59ede0b806cbe0aecde0d462b3f1
SHA256

7134cfa86b96607fba3e5d395338dc8e86d5c58d78ba39c9128d71cfb934acd6
SHA512

a0c93deabffb59104ff911d1ee994eb68c16274de50568c0e0799da87814680acacdfb194060202ba8b276d3c6a77e4262e1e923462c1e827226b8cf7b161660
SSDEEP

1536:OVge5h5zepum6jCv5xwQqMGa8fj5gtWOZA:mge5h5zoTrqMGaq51OZA

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

rundll32.exe

pid process

2204 rundll32.exe

pid	process
2204	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4248 wrote to memory of 2204	4248	rundll32.exe	rundll32.exe
PID 4248 wrote to memory of 2204	4248	rundll32.exe	rundll32.exe
PID 4248 wrote to memory of 2204	4248	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7134cfa86b96607fba3e5d395338dc8e86d5c58d78ba39c9128d71cfb934acd6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4248

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7134cfa86b96607fba3e5d395338dc8e86d5c58d78ba39c9128d71cfb934acd6.dll,#1
2⤵
- Suspicious use of SetWindowsHookEx
PID:2204

memory/2204-132-0x0000000000000000-mapping.dmp

Download
memory/2204-133-0x0000000000BD0000-0x0000000000BD9000-memory.dmp

Filesize
36KB

Download
memory/2204-134-0x0000000000BE0000-0x0000000000BF2000-memory.dmp

Filesize
72KB

Download
memory/2204-135-0x0000000000C10000-0x0000000000C19000-memory.dmp

Filesize
36KB

Download
memory/2204-136-0x0000000000C10000-0x0000000000C19000-memory.dmp

Filesize
36KB

Download