4106adcf7cc4e207c354cdc50f195929f7d4261a3ed92d636dbefac1e0be6324

Analysis

max time kernel
139s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
23/09/2023, 02:15

Target

4106adcf7cc4e207c354cdc50f195929f7d4261a3ed92d636dbefac1e0be6324.dll
Size

734KB
MD5

c5a42bb88855820b7f40f457d0240a9e
SHA1

94996c62210e149de6663af3d9416b9f27696f6b
SHA256

4106adcf7cc4e207c354cdc50f195929f7d4261a3ed92d636dbefac1e0be6324
SHA512

de9b8d0e15019dcbf1d973ac2cdd275843be2c80de5f2a5d03eb97ae2ad0cdd4fa6c189df8261e1d0b8f863bb80bfefca23c1ae8c641d39df28c7b59321b147c
SSDEEP

12288:0xNz1xDfr2N21uSCSjzseY8SIqHEXQ8zuDyjBzv7NQziTPXNmfTn1:Q5DDfr2kgajpY8SIwj8zZNQES

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3552	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 232 wrote to memory of 3552	232	rundll32.exe	85
PID 232 wrote to memory of 3552	232	rundll32.exe	85
PID 232 wrote to memory of 3552	232	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4106adcf7cc4e207c354cdc50f195929f7d4261a3ed92d636dbefac1e0be6324.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:232
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4106adcf7cc4e207c354cdc50f195929f7d4261a3ed92d636dbefac1e0be6324.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:3552

memory/3552-0-0x0000000010000000-0x0000000010299000-memory.dmp

Filesize
2.6MB

Download
memory/3552-1-0x0000000002340000-0x0000000002343000-memory.dmp

Filesize
12KB

Download
memory/3552-2-0x0000000002340000-0x0000000002343000-memory.dmp

Filesize
12KB

Download