861036ca8fdef4bbcd90e58fa06e446c1ee5ef968debe245da4db51ce2aca563

Analysis

max time kernel
62s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
07/02/2023, 06:35

Target

861036ca8fdef4bbcd90e58fa06e446c1ee5ef968debe245da4db51ce2aca563.dll
Size

716KB
MD5

9e72d26f52ab267ea3d0366e4f09de76
SHA1

ea8b4330f753fa80c07ef83bf90aa205322c0314
SHA256

861036ca8fdef4bbcd90e58fa06e446c1ee5ef968debe245da4db51ce2aca563
SHA512

060c058eaa89eab318ca7a81fbb6851d5827895d2be8eb08c0a1c3fa5e7c7d23fdb82fc386e8d96ca11bfcf1af884f5feb85b2d91473c04a6fa80891cfba63e9
SSDEEP

12288:+RK0xT337Fkp5b0JqB42qnCGve75WyPF1iT:t0d337Fkp5b0U4PnmNbPFAT

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4608	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5048 wrote to memory of 4608	5048	rundll32.exe	81
PID 5048 wrote to memory of 4608	5048	rundll32.exe	81
PID 5048 wrote to memory of 4608	5048	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\861036ca8fdef4bbcd90e58fa06e446c1ee5ef968debe245da4db51ce2aca563.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5048
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\861036ca8fdef4bbcd90e58fa06e446c1ee5ef968debe245da4db51ce2aca563.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:4608