c61dc5924d9a70538df92b62620ce57d41ef46f496916caddb207d4be59ed097

Analysis

max time kernel
143s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24/12/2023, 14:34

Target

0144c5b7c886038d3ca052b8fe2ad6b1.dll
Size

82KB
MD5

0144c5b7c886038d3ca052b8fe2ad6b1
SHA1

d276fefd6f3b86b5fc8a31e882fabad14e99b1e4
SHA256

c61dc5924d9a70538df92b62620ce57d41ef46f496916caddb207d4be59ed097
SHA512

45374e6cd3b571594a90d40e24fa42e67d8b232801a2f3c78c2e4d38334f44e4acab658e6e83f51b1b36a282b0e1af444eed1f0fd0c88fd6f55066bd2c575c4b
SSDEEP

1536:r84oQPVPnNa6kpoN99bH6DsPCdWiH6CeCa3qgaFosuAc+ccdvghxmy7Zizr:r84XVg6hNjaDswWiaCef9CGAc3vg

Score

1^/10

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
956	rundll32.exe
956	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3360 wrote to memory of 956	3360	rundll32.exe	47
PID 3360 wrote to memory of 956	3360	rundll32.exe	47
PID 3360 wrote to memory of 956	3360	rundll32.exe	47

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0144c5b7c886038d3ca052b8fe2ad6b1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3360
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0144c5b7c886038d3ca052b8fe2ad6b1.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:956

memory/956-0-0x0000000010000000-0x0000000010027000-memory.dmp

Filesize
156KB

Download
memory/956-1-0x0000000010000000-0x0000000010027000-memory.dmp

Filesize
156KB

Download
memory/956-2-0x0000000010000000-0x0000000010027000-memory.dmp

Filesize
156KB

Download