1379fd67588484b8817a50e5fdfb37ced156e44b3a4f0fdd466409e481733ef5

Analysis

max time kernel
183s
max time network
203s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
25-11-2022 22:40

Target

ʹ֮/hook.dll
Size

780KB
MD5

d689f4979d99dc5627c7b28c57c24a52
SHA1

70b153e20e1b21807b76a0af57e55a4c3ef4c688
SHA256

96305bd113673cab2dcc7180997b4500235bb509fb68c144535401c6510a8332
SHA512

95d20816fa0d21354c5c6303ebe246add92c9f8bb8628106f2c6099013a97451f5e9a0356cfc14332ebe53f94e06e77f4deabac8feb4677b5d8ebf02a885e24e
SSDEEP

6144:ipUM6WA/ODBnKApJuyvNmxBnutFatR5EVFMNjM6sF7/Ts/IzemYRX/9QvCKXxaPS:ipYWDBnKggI2QzKEFwj6Bo/Y3m96G3K

Score

8^/10

Blocklisted process makes network request 4 IoCs

Processes:

rundll32.exe

flow pid process

15 2440 rundll32.exe
16 2440 rundll32.exe
17 2440 rundll32.exe
19 2440 rundll32.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

Processes:

rundll32.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

rundll32.exe

pid process

2440 rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 5064 wrote to memory of 2440	5064	rundll32.exe	rundll32.exe
PID 5064 wrote to memory of 2440	5064	rundll32.exe	rundll32.exe
PID 5064 wrote to memory of 2440	5064	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ʹ֮\hook.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5064
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ʹ֮\hook.dll,#1
  2⤵
  - Blocklisted process makes network request
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:2440