8512794a25b08bb453f7b812f959506c8fdc13639cce70d7123b4db7b87e3d20

Analysis

max time kernel
269s
max time network
293s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
26/11/2022, 23:35

Target

8512794a25b08bb453f7b812f959506c8fdc13639cce70d7123b4db7b87e3d20.dll
Size

59KB
MD5

02a1f1f318c10fbef63de4d7d9377871
SHA1

f4448762cc32441d426f1f3ab967649768042cde
SHA256

8512794a25b08bb453f7b812f959506c8fdc13639cce70d7123b4db7b87e3d20
SHA512

1fe26173d22cf42d44739a1812618a1e3d44530309573b22ed9bcfbffbc85b94550bd5bb4ce3d90ab994bc24c6ffc65dcd2270a36815cb779e1ce08e95f899bf
SSDEEP

768:qaEHTGEBv6OuJjxqbhJKOBGxoVlbP2nP8oMQIEnoD:qHHTG7OuJjsKOBlVh+EoM4noD

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4440	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3368 wrote to memory of 4440	3368	rundll32.exe	82
PID 3368 wrote to memory of 4440	3368	rundll32.exe	82
PID 3368 wrote to memory of 4440	3368	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8512794a25b08bb453f7b812f959506c8fdc13639cce70d7123b4db7b87e3d20.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3368
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8512794a25b08bb453f7b812f959506c8fdc13639cce70d7123b4db7b87e3d20.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:4440