7bff0f56dbf9ba217d6534b2dcf65367a08770cff985de96ea50587b41bff95f

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 12:08

Target

1d156fa817e87f5616ead1ad55aba623.dll
Size

83KB
MD5

1d156fa817e87f5616ead1ad55aba623
SHA1

dfae725448a412152ac8949772f339e2b3d9a0a7
SHA256

7bff0f56dbf9ba217d6534b2dcf65367a08770cff985de96ea50587b41bff95f
SHA512

df7ffee6994fdf8db0b529146b4846c5c078da36f95ae6e4134b12111ed3679fb3cfdebb429b5387e770b4b17f014811249fac9850ec83be09d6719664690211
SSDEEP

1536:JoZMx2nRRTvEi0zYjHh188McgECSZdg5oO2Oi9FuIsfz5lQJMToisp2siu/H:JoZMMRRLEzuHhgQPc2O2xFYLjikPk

Score

1^/10

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3404	rundll32.exe
3404	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4676 wrote to memory of 3404	4676	rundll32.exe	16
PID 4676 wrote to memory of 3404	4676	rundll32.exe	16
PID 4676 wrote to memory of 3404	4676	rundll32.exe	16

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1d156fa817e87f5616ead1ad55aba623.dll,#1
1⤵
- Suspicious use of SetWindowsHookEx
PID:3404

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1d156fa817e87f5616ead1ad55aba623.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4676

memory/3404-0-0x0000000010000000-0x0000000010027000-memory.dmp

Filesize
156KB

Download
memory/3404-1-0x0000000010000000-0x0000000010027000-memory.dmp

Filesize
156KB

Download
memory/3404-2-0x0000000010000000-0x0000000010027000-memory.dmp

Filesize
156KB

Download