5215b58345a9da606633ab6e232e2c6fb24181b28e61fe048872f74c42f53af3

Analysis

max time kernel
142s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
26/08/2023, 08:18

Target

5215b58345a9da606633ab6e232e2c6fb24181b28e61fe048872f74c42f53af3.dll
Size

980KB
MD5

a3161a64a1a7abbb526dfce1ecb0212d
SHA1

74025c224e39708a4be49ee39e656fb1749931ab
SHA256

5215b58345a9da606633ab6e232e2c6fb24181b28e61fe048872f74c42f53af3
SHA512

d6b26fb3886fb0fe37dab376c023c404ade20791e922f58893da4f18c5945f47ce36864132ee662dede2bed54d45e877ea3478ca3704290eddf89acb9a587a4b
SSDEEP

12288:i//1/ILdQUTHVZQW6LMAAGdbnI2ChmP41STQ37fbqFZ:i/d/IBLVOWmMA5NnNChmAcQ37fbqFZ

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4268	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3776 wrote to memory of 4268	3776	rundll32.exe	83
PID 3776 wrote to memory of 4268	3776	rundll32.exe	83
PID 3776 wrote to memory of 4268	3776	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5215b58345a9da606633ab6e232e2c6fb24181b28e61fe048872f74c42f53af3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3776
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5215b58345a9da606633ab6e232e2c6fb24181b28e61fe048872f74c42f53af3.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:4268