fef1ac9cc94893772475c5b5cddbf5b68d22d560c8458166f4f298c16774633d

Analysis

max time kernel
225s
max time network
239s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2022, 06:38

Target

fef1ac9cc94893772475c5b5cddbf5b68d22d560c8458166f4f298c16774633d.dll
Size

27KB
MD5

c19d1b8172655b873538fa5c623c65dd
SHA1

087c22803511425215026aceaa53269b62be86c6
SHA256

fef1ac9cc94893772475c5b5cddbf5b68d22d560c8458166f4f298c16774633d
SHA512

7108495e2fc82feb1c9d8ae0b450eabcd78a3911faa33b5954723cecd12d45aee199cac6df930a464abfeeabf0fa8e05ca278f57e479f5e4e32e5cc2e64d6344
SSDEEP

384:thIxSxjq0JSJm2r/OKg6LkhVxfwlnVwQ3oy2d9WGXalHqRs:7I+q0YJm2rnQvxMwW9+3Kv

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4960	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2880 wrote to memory of 4960	2880	rundll32.exe	81
PID 2880 wrote to memory of 4960	2880	rundll32.exe	81
PID 2880 wrote to memory of 4960	2880	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fef1ac9cc94893772475c5b5cddbf5b68d22d560c8458166f4f298c16774633d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2880
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fef1ac9cc94893772475c5b5cddbf5b68d22d560c8458166f4f298c16774633d.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:4960

memory/4960-133-0x0000000001430000-0x000000000143D000-memory.dmp

Filesize
52KB

Download
memory/4960-134-0x0000000001450000-0x000000000145D000-memory.dmp

Filesize
52KB

Download