be7da37ab547888b3c5c82f318b3aa960dbf592fcfc0d6b0ca45e7c1fbc1d8be

Analysis

max time kernel
182s
max time network
214s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04/12/2022, 07:01

Target

be7da37ab547888b3c5c82f318b3aa960dbf592fcfc0d6b0ca45e7c1fbc1d8be.dll
Size

55KB
MD5

1040383506b939cb2bef2fcafc5546d8
SHA1

a22ab795a218ef653d5d4074d938f64de2075a29
SHA256

be7da37ab547888b3c5c82f318b3aa960dbf592fcfc0d6b0ca45e7c1fbc1d8be
SHA512

ee7fae34ff200385aa7d0919c816778cc4f3a60b26aea84be6465ef7e85a53a86e723f330b2951ca2aa8e7bac4b7cedaed5731a8d72ad5303b7987a33ebc1f05
SSDEEP

768:Q+oguUB3c9vFY4XlqeV24Gs7cO1bzR0vxKLQFUssO+wcSDPnGMEanudfIx:J6/9vFlXQP4GsROvxL6GDvlEgudE

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4088	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4688 wrote to memory of 4088	4688	rundll32.exe	78
PID 4688 wrote to memory of 4088	4688	rundll32.exe	78
PID 4688 wrote to memory of 4088	4688	rundll32.exe	78

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\be7da37ab547888b3c5c82f318b3aa960dbf592fcfc0d6b0ca45e7c1fbc1d8be.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4688
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\be7da37ab547888b3c5c82f318b3aa960dbf592fcfc0d6b0ca45e7c1fbc1d8be.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:4088

memory/4088-133-0x0000000010000000-0x0000000010011000-memory.dmp

Filesize
68KB

Download
memory/4088-134-0x0000000000DD0000-0x0000000000DE1000-memory.dmp

Filesize
68KB

Download
memory/4088-135-0x00000000025D0000-0x00000000025E1000-memory.dmp

Filesize
68KB

Download
memory/4088-136-0x00000000025D0000-0x00000000025E1000-memory.dmp

Filesize
68KB

Download