04ab5300090d73f4eb7b7e0e16924673ae81911546e46cf7b90b91cca09cdb9e

Analysis

max time kernel
60s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
26-02-2023 19:25

Target

04ab5300090d73f4eb7b7e0e16924673ae81911546e46cf7b90b91cca09cdb9e.dll
Size

531KB
MD5

b3879b57f083a1a1b95befb0ea943591
SHA1

62a3d4352a01eb16bf30e821664c537747bb0055
SHA256

04ab5300090d73f4eb7b7e0e16924673ae81911546e46cf7b90b91cca09cdb9e
SHA512

6151d0633343f7eb4be443c426dc7372e4f57142c55c6a9742de900a86fd9b16e70334a92c7ef04c863c1f68c1abe89c6da6820f2280445fed9f1ecca6d60a2f
SSDEEP

12288:A9rELuAZ48+RzVc113VL3kXZBRTa/FyAL2jA7I43bkFB:AaLF4i113t+Z3njA7IJFB

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

rundll32.exe

pid process

4176 rundll32.exe

pid	process
4176	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 748 wrote to memory of 4176	748	rundll32.exe	rundll32.exe
PID 748 wrote to memory of 4176	748	rundll32.exe	rundll32.exe
PID 748 wrote to memory of 4176	748	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\04ab5300090d73f4eb7b7e0e16924673ae81911546e46cf7b90b91cca09cdb9e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:748

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\04ab5300090d73f4eb7b7e0e16924673ae81911546e46cf7b90b91cca09cdb9e.dll,#1
2⤵
- Suspicious use of SetWindowsHookEx
PID:4176

memory/4176-134-0x0000000010000000-0x0000000010163000-memory.dmp

Filesize
1.4MB

Download
memory/4176-133-0x0000000010000000-0x0000000010163000-memory.dmp

Filesize
1.4MB

Download
memory/4176-135-0x0000000010000000-0x0000000010163000-memory.dmp

Filesize
1.4MB

Download
memory/4176-136-0x0000000010000000-0x0000000010163000-memory.dmp

Filesize
1.4MB

Download