817d08e6f45c3e66db44c130358eae8ff3d8f56738949748378c751c90650828

Analysis

max time kernel
97s
max time network
121s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
25-12-2023 12:40

Target

1f2574d52f35d33f385298dc6bca9ffc.dll
Size

50KB
MD5

1f2574d52f35d33f385298dc6bca9ffc
SHA1

913e2fc9deb802c86603ba67ef0e675d60bbcab3
SHA256

817d08e6f45c3e66db44c130358eae8ff3d8f56738949748378c751c90650828
SHA512

76fbf23969fbb7a6f143e1f2ea5adbee0b268a20cf36f699458edd8ba1e101f9afbfc3610a4dfca71ce97cfbf6bc2074536f581772130dcb0cb72bd411b8a158
SSDEEP

768:mRhKTUlTuw6y0VMe42phpCMAnqhTZxhCmsELbOkW8lm4X1XtN1c0:mUUlTuwcOjqhsmsy/JvlS

Score

5^/10

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\yinekovi.dll	rundll32.exe
File opened for modification	C:\Windows\SysWOW64\sazofato	rundll32.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3764	rundll32.exe
3764	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 828 wrote to memory of 3764	828	rundll32.exe	22
PID 828 wrote to memory of 3764	828	rundll32.exe	22
PID 828 wrote to memory of 3764	828	rundll32.exe	22

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1f2574d52f35d33f385298dc6bca9ffc.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:828
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1f2574d52f35d33f385298dc6bca9ffc.dll,#1
  2⤵
  - Drops file in System32 directory
  - Suspicious use of SetWindowsHookEx
  PID:3764

memory/3764-2-0x0000000010000000-0x0000000010033000-memory.dmp

Filesize
204KB

Download
memory/3764-1-0x0000000002960000-0x0000000002965000-memory.dmp

Filesize
20KB

Download
memory/3764-0-0x0000000010000000-0x0000000010033000-memory.dmp

Filesize
204KB

Download
memory/3764-3-0x0000000010000000-0x0000000010033000-memory.dmp

Filesize
204KB

Download
memory/3764-4-0x0000000002960000-0x0000000002965000-memory.dmp

Filesize
20KB

Download