b87f08a496ac4194ea94a0019eade90c10afa5f6227cfd50364cf85c99b49a8a

Analysis

max time kernel
152s
max time network
170s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2022, 07:55

Target

b87f08a496ac4194ea94a0019eade90c10afa5f6227cfd50364cf85c99b49a8a.dll
Size

307KB
MD5

1e5a48b514ea8482b51a4b937fa85221
SHA1

a580388040afa97deae39410e1ef855f80e0870d
SHA256

b87f08a496ac4194ea94a0019eade90c10afa5f6227cfd50364cf85c99b49a8a
SHA512

64b16ac7df69d3090f42be8bf5ef772322d49f802688bd20a2ed1492723102adacdcdaf0b807042fe8ee73e9d1e26fc30eb5ffec254f4a062bb8ed58495681c8
SSDEEP

6144:ZbAkIULzX1oZ2wwxyLPEyOH5/T0cS9W8DtRZPcLtJtHMoWxM4a7SAlDn8s/ygF:JDxhgNOZaJZkL/d29a7flL8QfF

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3328	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4764 wrote to memory of 3328	4764	rundll32.exe	80
PID 4764 wrote to memory of 3328	4764	rundll32.exe	80
PID 4764 wrote to memory of 3328	4764	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b87f08a496ac4194ea94a0019eade90c10afa5f6227cfd50364cf85c99b49a8a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4764
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b87f08a496ac4194ea94a0019eade90c10afa5f6227cfd50364cf85c99b49a8a.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:3328

memory/3328-133-0x0000000010000000-0x00000000100A0000-memory.dmp

Filesize
640KB

Download