Analysis
-
max time kernel
141s
-
max time network
143s
-
platform
windows10-2004_x64
-
resource
win10v2004-20231215-en
-
resource tags
arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system
-
submitted
25/12/2023, 06:13
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
0ac87a3896d78b15606283427e3f2992.dll
Resource
win7-20231129-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
0ac87a3896d78b15606283427e3f2992.dll
Resource
win10v2004-20231215-en
2 signatures
150 seconds
General
-
Target
0ac87a3896d78b15606283427e3f2992.dll
-
Size
83KB
-
MD5
0ac87a3896d78b15606283427e3f2992
-
SHA1
379a7fb92eb525472f5d4f222c71ebc02d1db02a
-
SHA256
e3195c250694694bba05f321aa469dece69970c75a74288cf647a4a99618204a
-
SHA512
fbe218d47138f0ad30040989a2f30fb1e3931a89fd5f4d81b84c5ac236ecb21903b0ca04a80210afc473d7defb4fc48fc680d65e992c5e2b9b851b7ce7d3cf69
-
SSDEEP
1536:c1QwmRg85Yzhr0WsxAyxNXVhbJ/zzW5n/u8K3lT:EAg8mzhrenHFhbJXWV//+
Score
1/10
Malware Config
Signatures
-
Suspicious use of SetWindowsHookEx 2 IoCs
pid   Process
2360  rundll32.exe
2360  rundll32.exe
-
Suspicious use of WriteProcessMemory 3 IoCs
description                       pid   Process       procid_target
PID 5096 wrote to memory of 2360  5096  rundll32.exe  14
PID 5096 wrote to memory of 2360  5096  rundll32.exe  14
PID 5096 wrote to memory of 2360  5096  rundll32.exe  14
Processes
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0ac87a3896d78b15606283427e3f2992.dll,#11
- Suspicious use of SetWindowsHookEx
PID:2360
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0ac87a3896d78b15606283427e3f2992.dll,#11
- Suspicious use of WriteProcessMemory
PID:5096