f9b4b2c09c029d38ab24cbb94e35a5b5f3cfc6ccbb727a8ac03b0ffe54f99074

Analysis

max time kernel
143s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
12-10-2023 23:51

Target

f9b4b2c09c029d38ab24cbb94e35a5b5f3cfc6ccbb727a8ac03b0ffe54f99074.dll
Size

790KB
MD5

a94793e70e4f61f3eacd8ca52232130a
SHA1

8bf821cc67ea714cdc2b3b3c53587adb3b4d92d2
SHA256

f9b4b2c09c029d38ab24cbb94e35a5b5f3cfc6ccbb727a8ac03b0ffe54f99074
SHA512

92368d1338eff814c8157f72e33493b02e9c95b3303caac4dd24233bcd50cb3b967014019c1c780e13358655c5abf30de4a73dd284e0af20fd5876a2dda163ed
SSDEEP

6144:JjegBXXdQ2TLnOK7FVuquT9LPqAXuzsMQMRY5VTc4txmGZewW1xaLbJfYi5eZwQk:JBLHnOK7PoUIM8wSmGQwUGgiflVyI

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3800	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2492 wrote to memory of 3800	2492	rundll32.exe	81
PID 2492 wrote to memory of 3800	2492	rundll32.exe	81
PID 2492 wrote to memory of 3800	2492	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f9b4b2c09c029d38ab24cbb94e35a5b5f3cfc6ccbb727a8ac03b0ffe54f99074.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2492
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f9b4b2c09c029d38ab24cbb94e35a5b5f3cfc6ccbb727a8ac03b0ffe54f99074.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:3800