ebd8e1f3db3f0bf0a0c0f5f7ab957f376dc66f5653c321a6e5755001beab1dd0

Analysis

max time kernel
139s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
23/12/2023, 04:54

Target

ebd8e1f3db3f0bf0a0c0f5f7ab957f376dc66f5653c321a6e5755001beab1dd0.dll
Size

972KB
MD5

f55abb1f306402f9c629c1fdbddd8624
SHA1

287284c71d2ca9fc8d78e1fbd39760d5568eed37
SHA256

ebd8e1f3db3f0bf0a0c0f5f7ab957f376dc66f5653c321a6e5755001beab1dd0
SHA512

f60f4faa0d60f45fe8bb34f90605f5e1bb0925bded98cd01068177270f70574e32d693ee070270ddfb5502508b13aaa0cee9d41ae76076379207e47c92057238
SSDEEP

24576:OQ5nbDB2jtxYLHNnr+lNqn9EFPjeGGFpOHlKoAUvdtMbqBdrYhKspuC+7gMeI:PDB+txYLHNr+fF6bFpOHlKoAUvdtMbqY

Score

8^/10

Blocklisted process makes network request 6 IoCs

Suspicious behavior: LoadsDriver 3 IoCs

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1676	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4372 wrote to memory of 1676	4372	rundll32.exe	88
PID 4372 wrote to memory of 1676	4372	rundll32.exe	88
PID 4372 wrote to memory of 1676	4372	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ebd8e1f3db3f0bf0a0c0f5f7ab957f376dc66f5653c321a6e5755001beab1dd0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4372
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ebd8e1f3db3f0bf0a0c0f5f7ab957f376dc66f5653c321a6e5755001beab1dd0.dll,#1
  2⤵
  - Blocklisted process makes network request
  - Suspicious use of SetWindowsHookEx
  PID:1676

memory/1676-0-0x0000000010000000-0x0000000010119000-memory.dmp

Filesize
1.1MB

Download
memory/1676-1-0x0000000010000000-0x0000000010119000-memory.dmp

Filesize
1.1MB

Download