498f22d579ff5613e2a309677a86a5fa59c1d8770235f826d240c0df7c106cb3

Analysis

max time kernel
91s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
04/12/2022, 03:37

Target

498f22d579ff5613e2a309677a86a5fa59c1d8770235f826d240c0df7c106cb3.dll
Size

872KB
MD5

42b7ca713729f059f45df978e3e13000
SHA1

b3630a275345ae68e32d24c0084d8ef4a7f8abae
SHA256

498f22d579ff5613e2a309677a86a5fa59c1d8770235f826d240c0df7c106cb3
SHA512

e4f296d289221f611d136a6850df7d6d6a02e0869237504bc49d76d6459c13729e24f3fe555f98053d71dc35efa2966ee832f3b8ff2d77ac2b6dfad695fa99a6
SSDEEP

12288:mTLTXeZ9T6vjVDUEx2wchHgugueZ/G3XuXLXz9:mT+fTWjVDUEx2wch55AG3ozz9

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1016	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4316 wrote to memory of 1016	4316	rundll32.exe	81
PID 4316 wrote to memory of 1016	4316	rundll32.exe	81
PID 4316 wrote to memory of 1016	4316	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\498f22d579ff5613e2a309677a86a5fa59c1d8770235f826d240c0df7c106cb3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4316
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\498f22d579ff5613e2a309677a86a5fa59c1d8770235f826d240c0df7c106cb3.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1016