57ba978c61b9f527c5f441256c5563734ba560f098b5b22b4fb2e5dec2b60383

Analysis

max time kernel
144s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 20:13

Target

3a9a121e775716aa222400c444d7c886.dll
Size

84KB
MD5

3a9a121e775716aa222400c444d7c886
SHA1

82b32872c130bd82cb260cf96f793f3a7c5435b6
SHA256

57ba978c61b9f527c5f441256c5563734ba560f098b5b22b4fb2e5dec2b60383
SHA512

4645edf64366a43dbb3e5788aaf3c0225000f138b45161967959e7686566d93d145de4f930a21fecc5d68a8e5c141f71229be0f4cccadf520b6645b1b5fb3db9
SSDEEP

1536:MSaY+uEcUDS1d9+UbuMqJzQPiBfzSa7JEeT5EcwWMroLXPWG:L7+9hDafiMqJzQPCfm4JEeT5d4r3G

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1044	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1492 wrote to memory of 1044	1492	rundll32.exe	16
PID 1492 wrote to memory of 1044	1492	rundll32.exe	16
PID 1492 wrote to memory of 1044	1492	rundll32.exe	16

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3a9a121e775716aa222400c444d7c886.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1492
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3a9a121e775716aa222400c444d7c886.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1044

memory/1044-2-0x0000000010000000-0x0000000010020000-memory.dmp

Filesize
128KB

Download
memory/1044-1-0x0000000000EB0000-0x0000000000EBF000-memory.dmp

Filesize
60KB

Download
memory/1044-0-0x0000000010000000-0x0000000010020000-memory.dmp

Filesize
128KB

Download
memory/1044-3-0x0000000010000000-0x0000000010020000-memory.dmp

Filesize
128KB

Download