0dc809b6eb441761ddab4070c1c4cae9050949278ea091e97e97a558993c5c1c

Analysis

max time kernel
146s
max time network
166s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04/12/2022, 07:49

Target

0dc809b6eb441761ddab4070c1c4cae9050949278ea091e97e97a558993c5c1c.dll
Size

804KB
MD5

ee3fdd6f7675e10329b3c89ee306af64
SHA1

b787592724a6cace1c0ed7ffd5dbce8c50ab971a
SHA256

0dc809b6eb441761ddab4070c1c4cae9050949278ea091e97e97a558993c5c1c
SHA512

9070b5051194ef6a282bde2ea6a3bcca624e5fe180cdac1b3efff48eea6a119b03acf27853e2e1f647126e82c15837e6df336630c723c038a5b329a48febd918
SSDEEP

6144:DC8n3UWe7EYShTNysUtR9Lp4eEjVoAAJJHQJLEAOxG34ojHO:N71pJUtR3RCVtEfPoTO

Score

1^/10

Suspicious behavior: EnumeratesProcesses 4 IoCs

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4928	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4032 wrote to memory of 4928	4032	rundll32.exe	80
PID 4032 wrote to memory of 4928	4032	rundll32.exe	80
PID 4032 wrote to memory of 4928	4032	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0dc809b6eb441761ddab4070c1c4cae9050949278ea091e97e97a558993c5c1c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4032
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0dc809b6eb441761ddab4070c1c4cae9050949278ea091e97e97a558993c5c1c.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:4928

memory/4928-133-0x0000000010000000-0x00000000100CA000-memory.dmp

Filesize
808KB

Download
memory/4928-134-0x0000000010000000-0x00000000100CA000-memory.dmp

Filesize
808KB

Download