770c851812c2412815568e027c7b37cd2d912f70610e0ee805cf86d6d6f6f49f

Analysis

max time kernel
142s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
14/11/2023, 08:50

Target

770c851812c2412815568e027c7b37cd2d912f70610e0ee805cf86d6d6f6f49f.dll
Size

855KB
MD5

ede403a704e2b1db333364729e6c7e7f
SHA1

41307228ca980030f57090e9492361ce000e09b6
SHA256

770c851812c2412815568e027c7b37cd2d912f70610e0ee805cf86d6d6f6f49f
SHA512

98284049fa1d9605b0f53ea1f83990473de6ee7eb4434cac4ff5f3f935ccf72d8e26c597c6ec6124af462cf8bda084f5fed32e273e7bad2b25dd4c1fc66135a3
SSDEEP

24576:KdrI2XaONCmvC0p1BjqM9ksEMMhb+aJ+EQhUZNkVZG:KdrI2/NPRdysXNuN7k

Score

8^/10

Blocklisted process makes network request 1 IoCs

flow	pid	Process
17	2976	rundll32.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2976	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4608 wrote to memory of 2976	4608	rundll32.exe	86
PID 4608 wrote to memory of 2976	4608	rundll32.exe	86
PID 4608 wrote to memory of 2976	4608	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\770c851812c2412815568e027c7b37cd2d912f70610e0ee805cf86d6d6f6f49f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4608
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\770c851812c2412815568e027c7b37cd2d912f70610e0ee805cf86d6d6f6f49f.dll,#1
  2⤵
  - Blocklisted process makes network request
  - Suspicious use of SetWindowsHookEx
  PID:2976

memory/2976-0-0x0000000010000000-0x0000000010329000-memory.dmp

Filesize
3.2MB

Download
memory/2976-1-0x0000000000C80000-0x0000000000C83000-memory.dmp

Filesize
12KB

Download
memory/2976-2-0x0000000000C80000-0x0000000000C83000-memory.dmp

Filesize
12KB

Download