e20735326a74bf07c6fbe6d6d26b0b9f03f797b1ccc3edb54601b1b4cd967876

Analysis

max time kernel
103s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
31-03-2023 04:51

Target

e20735326a74bf07c6fbe6d6d26b0b9f03f797b1ccc3edb54601b1b4cd967876.dll
Size

750KB
MD5

a5f4293b49513d09e8b9d95f60628b12
SHA1

49356857089e5cddd9fce0b690fda7fbbc8572d4
SHA256

e20735326a74bf07c6fbe6d6d26b0b9f03f797b1ccc3edb54601b1b4cd967876
SHA512

262d75f1f2d4088d67b081da2287cbb582a5c458c2ebd7e2262600549852b62003ade4d65678e5de2b7e1227a9c55503e56231a7cfe0b3bcd7ca05703d245279
SSDEEP

12288:+0VmjyMT97Vji3NxD/BtIfghBIMieTBvZrZxIC:JQyq9pjidxDw4hBnvZnIC

Score

1^/10

Suspicious use of SetWindowsHookEx 20 IoCs

Processes:

rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3660 wrote to memory of 1492	3660	rundll32.exe	rundll32.exe
PID 3660 wrote to memory of 1492	3660	rundll32.exe	rundll32.exe
PID 3660 wrote to memory of 1492	3660	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e20735326a74bf07c6fbe6d6d26b0b9f03f797b1ccc3edb54601b1b4cd967876.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3660

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e20735326a74bf07c6fbe6d6d26b0b9f03f797b1ccc3edb54601b1b4cd967876.dll,#1
2⤵
- Suspicious use of SetWindowsHookEx
PID:1492

memory/1492-135-0x0000000010000000-0x0000000010189000-memory.dmp

Filesize
1.5MB

Download
memory/1492-133-0x0000000010000000-0x0000000010189000-memory.dmp

Filesize
1.5MB

Download
memory/1492-134-0x0000000010000000-0x0000000010189000-memory.dmp

Filesize
1.5MB

Download
memory/1492-136-0x0000000010000000-0x0000000010189000-memory.dmp

Filesize
1.5MB

Download
memory/1492-137-0x0000000010000000-0x0000000010189000-memory.dmp

Filesize
1.5MB

Download