a0a0f246e98b7aba25537ce35ee375cbd80100db43663c4340c35ff0cc2cd50d

Analysis

max time kernel
67s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
05-12-2022 10:38

Target

a0a0f246e98b7aba25537ce35ee375cbd80100db43663c4340c35ff0cc2cd50d.dll
Size

308KB
MD5

9bf2eac3183086b2e6491bd518285a44
SHA1

73a8c1505546b7a656faac2de652c514e87e8ef1
SHA256

a0a0f246e98b7aba25537ce35ee375cbd80100db43663c4340c35ff0cc2cd50d
SHA512

3dd743f3ec20647543287388e67fb38f9668547585f1199f084a1d4fdda08f87b97acc8917c0be6a2405fa929bc8405b983614e91af681512559ddf6509426ca
SSDEEP

6144:U6iPELHgnrHc0BNPEAIzclobAXdK0CBxCnouuoO85t0NyakXSDoKBVPK:U6Q8Hgzj2zQXdKnxDe0Qakd8K

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1824	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2440 wrote to memory of 1824	2440	rundll32.exe	79
PID 2440 wrote to memory of 1824	2440	rundll32.exe	79
PID 2440 wrote to memory of 1824	2440	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a0a0f246e98b7aba25537ce35ee375cbd80100db43663c4340c35ff0cc2cd50d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2440
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a0a0f246e98b7aba25537ce35ee375cbd80100db43663c4340c35ff0cc2cd50d.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1824

memory/1824-133-0x0000000010000000-0x000000001009B000-memory.dmp

Filesize
620KB

Download