fe2f5844ebfb623950e4560d952c883bc81ae9ff0b83ade9c1e347acbe33a92b

Analysis

max time kernel
90s
max time network
117s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
23-08-2023 21:13

Target

fe2f5844ebfb623950e4560d952c883bc81ae9ff0b83ade9c1e347acbe33a92b.dll
Size

785KB
MD5

a6316108058a5ec96eb2e470606dffe4
SHA1

b2fc9e82c363468d4d0c3855b4d98637ea7bdbae
SHA256

fe2f5844ebfb623950e4560d952c883bc81ae9ff0b83ade9c1e347acbe33a92b
SHA512

c5f70c77b8c87a5c1fdb325523ab8d9129f8bd353d4e7536b559b93dc2875bbda415ca92dc0accf833eaf1a5baada1f236b19d0b3a7b893fd7179f509fe11fbb
SSDEEP

12288:agmNNMTluM7lS5sD+FhxrdDkYxdgojNR2OwsfJb8g6PR:aRQgGlcsKPBDkZoj3PJb8x5

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2056	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2088 wrote to memory of 2056	2088	rundll32.exe	80
PID 2088 wrote to memory of 2056	2088	rundll32.exe	80
PID 2088 wrote to memory of 2056	2088	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe2f5844ebfb623950e4560d952c883bc81ae9ff0b83ade9c1e347acbe33a92b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2088
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe2f5844ebfb623950e4560d952c883bc81ae9ff0b83ade9c1e347acbe33a92b.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2056