3302748c85f3ed1ea8a5b03437cd94b24f1faa4f9959470f689d26c9db401239

Analysis

max time kernel
127s
max time network
135s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
13/11/2023, 11:51

Target

3302748c85f3ed1ea8a5b03437cd94b24f1faa4f9959470f689d26c9db401239.dll
Size

7.1MB
MD5

9a7aba0935bafe33160a88f07496fd66
SHA1

2443c756b83ab6af9e1da43049a28a3e7f4a133d
SHA256

3302748c85f3ed1ea8a5b03437cd94b24f1faa4f9959470f689d26c9db401239
SHA512

e3a778995a815a0bb94273b3ba2238cd491fd4d69737216ceb3d26c571ed26e85592248e625fd477b3e195914bddc21e8c31f9dab073234885b34e325ee6d4b7
SSDEEP

98304:svKE1pa0281+BzS5BWDjx3fdxkQvxzIZIDcLhV84kPdaJsv6tWKFdu9CODgJWisk:21pa0281F6ksH0Jsv6tWKFdu9COcJZs

Score

1^/10

Suspicious use of SetWindowsHookEx 32 IoCs

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1096 wrote to memory of 4580	1096	rundll32.exe	87
PID 1096 wrote to memory of 4580	1096	rundll32.exe	87
PID 1096 wrote to memory of 4580	1096	rundll32.exe	87

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3302748c85f3ed1ea8a5b03437cd94b24f1faa4f9959470f689d26c9db401239.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1096
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3302748c85f3ed1ea8a5b03437cd94b24f1faa4f9959470f689d26c9db401239.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:4580