eaf6b0aac21cfe73817df8b18c9229f2a0588daa2667c2c0cf11116e278047df

Analysis

max time kernel
148s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 11:41

Target

1b8f1fccea14ecd648a9014eb6fec775.dll
Size

79KB
MD5

1b8f1fccea14ecd648a9014eb6fec775
SHA1

116fb3cca5c35d7eb32a1c42916776b0b660773b
SHA256

eaf6b0aac21cfe73817df8b18c9229f2a0588daa2667c2c0cf11116e278047df
SHA512

a4ee25ed17522d22b28b24998766ec7dbd66dd333e3080ad55a925ce0b4c2727ad9bfcff2d4273d5e4f13c3f434e26768c90eb9facd607f23bef821f68905b79
SSDEEP

1536:gzARXC49/NmjfOzatoOFRRMK2f4fowc3r51+bbAsvjxGS:lSIkbjRMK2fWowOrMtLcS

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3364	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4480 wrote to memory of 3364	4480	rundll32.exe	89
PID 4480 wrote to memory of 3364	4480	rundll32.exe	89
PID 4480 wrote to memory of 3364	4480	rundll32.exe	89

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1b8f1fccea14ecd648a9014eb6fec775.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4480
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1b8f1fccea14ecd648a9014eb6fec775.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:3364

memory/3364-1-0x0000000002680000-0x0000000002685000-memory.dmp

Filesize
20KB

Download
memory/3364-2-0x0000000010000000-0x0000000010023000-memory.dmp

Filesize
140KB

Download
memory/3364-0-0x0000000010000000-0x0000000010023000-memory.dmp

Filesize
140KB

Download
memory/3364-3-0x0000000010000000-0x0000000010023000-memory.dmp

Filesize
140KB

Download
memory/3364-5-0x0000000002680000-0x0000000002685000-memory.dmp

Filesize
20KB

Download