f9b71c8fe6d014d9a2b88bf050eb4908695d51444edf52bcea75d431bedd620b

Analysis

max time kernel
167s
max time network
187s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 02:36

Target

f9b71c8fe6d014d9a2b88bf050eb4908695d51444edf52bcea75d431bedd620b.dll
Size

605KB
MD5

1bbebfc1f075dbef2a75877e78b45af0
SHA1

317a411d099239752dd4b3aec20b79f5a3d7499f
SHA256

f9b71c8fe6d014d9a2b88bf050eb4908695d51444edf52bcea75d431bedd620b
SHA512

59d34a64ade194b0d666140b1f8b5547da321683204b3d92614e527bb040a711431178f5904ad93436c3b0b2cbd7a98defaa6299368736e864a403ef5892d45e
SSDEEP

12288:t0o7YNQNLPxez8dFlZqBmreGhSzUz/MHZbmqMrUAjHTMV9fQA:LwQaz+8DAMHZbmNrUwuQ

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4796	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4300 wrote to memory of 4796	4300	rundll32.exe	80
PID 4300 wrote to memory of 4796	4300	rundll32.exe	80
PID 4300 wrote to memory of 4796	4300	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f9b71c8fe6d014d9a2b88bf050eb4908695d51444edf52bcea75d431bedd620b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4300
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f9b71c8fe6d014d9a2b88bf050eb4908695d51444edf52bcea75d431bedd620b.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:4796

memory/4796-133-0x0000000074E30000-0x00000000751CA000-memory.dmp

Filesize
3.6MB

Download