18b30f3bceb281ea073ffa668a56ca8bc328b7ab01e4cedece3e3eb66214136e

Analysis

max time kernel
129s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 11:35

Target

18b30f3bceb281ea073ffa668a56ca8bc328b7ab01e4cedece3e3eb66214136e.dll
Size

968KB
MD5

d8d5a23fea07be98e316d53c906fd68c
SHA1

cc1b849d69a6b37e50d247a63fdfd9e31dff4b07
SHA256

18b30f3bceb281ea073ffa668a56ca8bc328b7ab01e4cedece3e3eb66214136e
SHA512

6b2c65ed2515a32ac71d5b2992d691790f692d11216c1fa639d1d1467d9c82f6aa53b31163a4e86d79751bda7f449d99f6315d3db221f79b64e7f5a8ccd0270e
SSDEEP

24576:YOQgOF2ikXc6bHpa7QhKspQ59VQFwqlSHCTchvCmUI04ylyPMvJQWZ1Wzx:rg6Fa7QhKspy

Score

8^/10

Blocklisted process makes network request 6 IoCs

Suspicious behavior: LoadsDriver 3 IoCs

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2840	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3652 wrote to memory of 2840	3652	rundll32.exe	14
PID 3652 wrote to memory of 2840	3652	rundll32.exe	14
PID 3652 wrote to memory of 2840	3652	rundll32.exe	14

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\18b30f3bceb281ea073ffa668a56ca8bc328b7ab01e4cedece3e3eb66214136e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3652

memory/2840-0-0x0000000010000000-0x0000000010118000-memory.dmp

Filesize
1.1MB

Download
memory/2840-1-0x0000000010000000-0x0000000010118000-memory.dmp

Filesize
1.1MB

Download