e147efc4382f0bfc40689548c1da45d36bcba0810d42601a3fa82a03d98f6439

Analysis

max time kernel
182s
max time network
238s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 14:35

Target

e147efc4382f0bfc40689548c1da45d36bcba0810d42601a3fa82a03d98f6439.dll
Size

588KB
MD5

c90a5e256f0b166e8c0f8e943805c24f
SHA1

a6146300ced46d0d2093eb910bc442e9c2da20e8
SHA256

e147efc4382f0bfc40689548c1da45d36bcba0810d42601a3fa82a03d98f6439
SHA512

e5224dedeb734489488a6396803b5f0c1836d6663b157005b4ed62c39bc7aacffedce8061011d4e24d1ad8d8c18a03f10e5e7b32f3636f86fbbe056df5413952
SSDEEP

6144:7q3eAB9QAXE1XKNzxCjKTFCqqDL61k1x:23tCVXKTCjGqn62

Score

1^/10

Suspicious behavior: EnumeratesProcesses 4 IoCs

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
524	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4000 wrote to memory of 524	4000	rundll32.exe	78
PID 4000 wrote to memory of 524	4000	rundll32.exe	78
PID 4000 wrote to memory of 524	4000	rundll32.exe	78

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e147efc4382f0bfc40689548c1da45d36bcba0810d42601a3fa82a03d98f6439.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4000
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e147efc4382f0bfc40689548c1da45d36bcba0810d42601a3fa82a03d98f6439.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:524

memory/524-133-0x000000001C000000-0x000000001C093000-memory.dmp

Filesize
588KB

Download
memory/524-134-0x000000001C000000-0x000000001C093000-memory.dmp

Filesize
588KB

Download