67b54255e8207a2e7ff07fbe4f00ed113589ea464875c67a97d5d751f0247cca

Analysis

max time kernel
136s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
14-11-2023 11:02

Target

67b54255e8207a2e7ff07fbe4f00ed113589ea464875c67a97d5d751f0247cca.dll
Size

736KB
MD5

5ff81939de814fda462b3b9eb4e2f42d
SHA1

b31a89179eef02d182c9e4d31757c87ef0dafb07
SHA256

67b54255e8207a2e7ff07fbe4f00ed113589ea464875c67a97d5d751f0247cca
SHA512

d9a134787480fac1d29ca12cb108455f17e6d054d1c0cb20d1046a24eb201912d05837e6c1fbf0f28c44b26cfab8d6b0c2fd7b51b51089eeefbae7c77d5c9230
SSDEEP

12288:PZQ/qZRqmgLkvpBUcqG2ftDs9AkAo70ED0:P6ibqtLuRqDftDULAo70W0

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3584	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 932 wrote to memory of 3584	932	rundll32.exe	86
PID 932 wrote to memory of 3584	932	rundll32.exe	86
PID 932 wrote to memory of 3584	932	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\67b54255e8207a2e7ff07fbe4f00ed113589ea464875c67a97d5d751f0247cca.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:932
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\67b54255e8207a2e7ff07fbe4f00ed113589ea464875c67a97d5d751f0247cca.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:3584

C:\Users\Admin\Desktop\config.ini

Filesize
75B

MD5
21a851e354d77c82f3c01f7661de9c70

SHA1
fbcfe390e5d2b0e522c483e977c419b6de3815a8

SHA256
2a15bee4510210f6cf71f115f5081d4eb037813cca18281def6d953ea289aa54

SHA512
91de30f6350ae6ca2bf53d75d85c56600dccded5d154b2ca8a7ac598892d6630eee3e7241a8893de4664b1ca0668b70a77f95079b2cc8a6c041ae057e2571cb6

Download Submit