25b570d64b091a4afbb3e4133b00e4c6fab577896ce7e3421a172483653bd0da

Analysis

max time kernel
149s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 19:30

Target

3814110a51a948282733b9aa5b05d9c8.dll
Size

92KB
MD5

3814110a51a948282733b9aa5b05d9c8
SHA1

70d27ee6c1c706f812917718d32de3c92bd4f992
SHA256

25b570d64b091a4afbb3e4133b00e4c6fab577896ce7e3421a172483653bd0da
SHA512

e9b2c83f6e4dc0c0d9e7ea51ee0276b71959c4da3a00696671d8913ff10e44a63c88bd67dda3de612754711accc6a404b64a6330c5528f17443a9273d4402f90
SSDEEP

1536:RMtQwcyWOGVHlomOC/9TxmkAI7k4UH0RJIWn5ywe6yI5O2k1zng8AHi7zfCRhqDT:SyVHKmOClrJRieee55k1D9qMWhWpL

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4712	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5108 wrote to memory of 4712	5108	rundll32.exe	19
PID 5108 wrote to memory of 4712	5108	rundll32.exe	19
PID 5108 wrote to memory of 4712	5108	rundll32.exe	19

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3814110a51a948282733b9aa5b05d9c8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5108
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3814110a51a948282733b9aa5b05d9c8.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:4712

memory/4712-1-0x00000000009E0000-0x00000000009F2000-memory.dmp

Filesize
72KB

Download
memory/4712-2-0x0000000010000000-0x0000000010023000-memory.dmp

Filesize
140KB

Download
memory/4712-3-0x0000000010000000-0x0000000010023000-memory.dmp

Filesize
140KB

Download
memory/4712-0-0x0000000010000000-0x0000000010023000-memory.dmp

Filesize
140KB

Download