c0551f1c5134e99a063b1c247e2ba081dd3bf0daa75d47536cd42cff0a1e1309

Analysis

max time kernel
138s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
25-08-2023 20:29

Target

c0551f1c5134e99a063b1c247e2ba081dd3bf0daa75d47536cd42cff0a1e1309.dll
Size

2.2MB
MD5

2693bcc1f4517af9c079745e7553bedb
SHA1

3cff9da9f691dd5c4972d5c3bb922944918795fa
SHA256

c0551f1c5134e99a063b1c247e2ba081dd3bf0daa75d47536cd42cff0a1e1309
SHA512

dbba0866a343881b0d17c994168a2d2849723e5908da541f24812ed37069b71a7e42a46816ca5a65c351f40aefbc99e6cbea55616005bb1b3ea640501981036b
SSDEEP

49152:zO8svoCQaiqznQ8vwl1Ku1l1amOsXgQHu:68sQCQajbvwl1RaqQ

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4016	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3928 wrote to memory of 4016	3928	rundll32.exe	83
PID 3928 wrote to memory of 4016	3928	rundll32.exe	83
PID 3928 wrote to memory of 4016	3928	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c0551f1c5134e99a063b1c247e2ba081dd3bf0daa75d47536cd42cff0a1e1309.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3928
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c0551f1c5134e99a063b1c247e2ba081dd3bf0daa75d47536cd42cff0a1e1309.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:4016