b899b5e94ebd29f75bf6d22249e2d170939d415bd41c53bc43556b4ce14b2371

Analysis

max time kernel
181s
max time network
195s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
03-12-2022 14:33

Target

b899b5e94ebd29f75bf6d22249e2d170939d415bd41c53bc43556b4ce14b2371.dll
Size

755KB
MD5

8d49edd7501e402333430178597c892d
SHA1

45e6c18316a96d533837c79f4c89602f1a9b8b90
SHA256

b899b5e94ebd29f75bf6d22249e2d170939d415bd41c53bc43556b4ce14b2371
SHA512

26b7e1cdbc8570a1e39ace10336086fe21be46cc16511b59b47cfd6c9841e36fe14d06b63a4d7bf8c94977c97bf42f2e693df01b7c1f9af372c593d2902d2b12
SSDEEP

12288:+zG6axRntjhGHvd+OOSfbXej1cKGvgWE1sqQFxb3rUPsp+00BliT58Wvvz:L6oXGV+eZqQD3oj05582vz

Score

1^/10

Suspicious use of SetWindowsHookEx 3 IoCs

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4540 wrote to memory of 3492	4540	rundll32.exe	84
PID 4540 wrote to memory of 3492	4540	rundll32.exe	84
PID 4540 wrote to memory of 3492	4540	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b899b5e94ebd29f75bf6d22249e2d170939d415bd41c53bc43556b4ce14b2371.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4540
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b899b5e94ebd29f75bf6d22249e2d170939d415bd41c53bc43556b4ce14b2371.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:3492