a3fa690ad9d2a50cbb5edb404faf2302b7ae6442322c79ea0364952ae4db40ae

Analysis

max time kernel
160s
max time network
172s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 14:14

Target

a3fa690ad9d2a50cbb5edb404faf2302b7ae6442322c79ea0364952ae4db40ae.dll
Size

44KB
MD5

59d19f3f5d4b60f0d8da1cf11a8dcba6
SHA1

c7186990f6298d0ebfcd7d2aef96f3a33f617248
SHA256

a3fa690ad9d2a50cbb5edb404faf2302b7ae6442322c79ea0364952ae4db40ae
SHA512

11b38738946b5412f22bb496ae6b8f2bd77fd5035ab4dab32210cf8199bfa82098631faddf48bc30f44becea724d3020d26525607052afb1402c26346d9970d1
SSDEEP

768:YxUgMLSjLNe/qB46qsm6myEXrZCrSi8yA3v45xWbMQNMWAOc2krM4QxY7Fab:OUg4gNepum67yETv5xBQNMGc2krDNo

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1016	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 812 wrote to memory of 1016	812	rundll32.exe	79
PID 812 wrote to memory of 1016	812	rundll32.exe	79
PID 812 wrote to memory of 1016	812	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3fa690ad9d2a50cbb5edb404faf2302b7ae6442322c79ea0364952ae4db40ae.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:812
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3fa690ad9d2a50cbb5edb404faf2302b7ae6442322c79ea0364952ae4db40ae.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1016

memory/1016-134-0x00000000021D0000-0x00000000021E0000-memory.dmp

Filesize
64KB

Download
memory/1016-135-0x00000000021F0000-0x00000000021F9000-memory.dmp

Filesize
36KB

Download
memory/1016-133-0x00000000021C0000-0x00000000021C9000-memory.dmp

Filesize
36KB

Download