405e8ac853985913c658f0f8e643ea41de47020d5ac0ac209662bf4bf99075d6

Analysis

max time kernel
142s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
01-12-2022 05:35

Target

405e8ac853985913c658f0f8e643ea41de47020d5ac0ac209662bf4bf99075d6.dll
Size

476KB
MD5

856987339b28abb608411a89d4809980
SHA1

418957cc5bd165458de30f94cb85c2b129efcf0e
SHA256

405e8ac853985913c658f0f8e643ea41de47020d5ac0ac209662bf4bf99075d6
SHA512

6e14090fa7e84ccd34a75e35851c5a4696e3967e184396e98681832ff566b9b4b0a2f1416b8006d7f5d9b347de9d3a3be93dd6ea8a9adf253f70a0e14d28aa7f
SSDEEP

3072:4BQh3NWf2Fogb0JkAFWi6dgCoLoQe1p6vjzlUMqqDRbZo:4ed8OogoFH6dgvXwpi35qqDRbZ

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4324	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1404 wrote to memory of 4324	1404	rundll32.exe	79
PID 1404 wrote to memory of 4324	1404	rundll32.exe	79
PID 1404 wrote to memory of 4324	1404	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\405e8ac853985913c658f0f8e643ea41de47020d5ac0ac209662bf4bf99075d6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1404
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\405e8ac853985913c658f0f8e643ea41de47020d5ac0ac209662bf4bf99075d6.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:4324

memory/4324-133-0x000000001CA00000-0x000000001CA82000-memory.dmp

Filesize
520KB

Download