203b3c61ef0017f1a4c157954c0ebd02d90c7b00e33eed8261b31163838f24ac

Analysis

max time kernel
90s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04-12-2022 07:49

Target

203b3c61ef0017f1a4c157954c0ebd02d90c7b00e33eed8261b31163838f24ac.dll
Size

320KB
MD5

0877cc0a877581f16ec5662d5d4b10cb
SHA1

5246eb7e26bbcc80bf92f21716920577092ea745
SHA256

203b3c61ef0017f1a4c157954c0ebd02d90c7b00e33eed8261b31163838f24ac
SHA512

d9e544eea47f82a28e7cdcf6e99fe16ab3e2f5b134d4319c40e18c2dba1fc0c7bcb610c651668e759fb30486fa50f71b620e2904290a82e79fa32c45dbbe1e68
SSDEEP

3072:WsAsrfhqP3dJwV7tts2ltThBJf5bIWC80KY5S0aODj7Hsl9Q:U2fw/d63ts2NxVpU4o7k

Score

1^/10

Suspicious behavior: EnumeratesProcesses 4 IoCs

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3984	rundll32.exe
3984	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1096 wrote to memory of 3984	1096	rundll32.exe	79
PID 1096 wrote to memory of 3984	1096	rundll32.exe	79
PID 1096 wrote to memory of 3984	1096	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\203b3c61ef0017f1a4c157954c0ebd02d90c7b00e33eed8261b31163838f24ac.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1096
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\203b3c61ef0017f1a4c157954c0ebd02d90c7b00e33eed8261b31163838f24ac.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:3984

memory/3984-132-0x0000000000000000-mapping.dmp

Download
memory/3984-133-0x0000000033500000-0x000000003355E000-memory.dmp

Filesize
376KB

Download
memory/3984-134-0x0000000033500000-0x000000003355E000-memory.dmp

Filesize
376KB

Download