47e774a8071c2256a15b8a488a3381d9a06fa7d13ecded8b084f855ddc7198ad

Analysis

max time kernel
148s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 21:06

Target

3cbd77aae2f50c923f0b2dde99ba8078.dll
Size

83KB
MD5

3cbd77aae2f50c923f0b2dde99ba8078
SHA1

a02c8cfc6b7c28af795087764e39833e2bc2fce6
SHA256

47e774a8071c2256a15b8a488a3381d9a06fa7d13ecded8b084f855ddc7198ad
SHA512

e3d456720e54cad46de6964bfbafc1d0682e0bc74d89dc5c77fa7502e5f06240537e02edcebf5faa2b77fe52ba7ecce10ab8124a2dcf13309153f6eacb0f6526
SSDEEP

1536:aEAVjPru0yBZggsWTPJzQ8U+7CgrmCajlKjDPGLH2zVU2me86LYYgXP1Y:a1rqlZrsKxzTU+75SCvjDPYmweVYlXP6

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4724	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2844 wrote to memory of 4724	2844	rundll32.exe	64
PID 2844 wrote to memory of 4724	2844	rundll32.exe	64
PID 2844 wrote to memory of 4724	2844	rundll32.exe	64

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3cbd77aae2f50c923f0b2dde99ba8078.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2844
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3cbd77aae2f50c923f0b2dde99ba8078.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:4724

memory/4724-0-0x0000000010000000-0x0000000010020000-memory.dmp

Filesize
128KB

Download
memory/4724-1-0x0000000000D40000-0x0000000000D4F000-memory.dmp

Filesize
60KB

Download
memory/4724-3-0x0000000010000000-0x0000000010020000-memory.dmp

Filesize
128KB

Download
memory/4724-2-0x0000000010000000-0x0000000010020000-memory.dmp

Filesize
128KB

Download
memory/4724-4-0x0000000010000000-0x0000000010020000-memory.dmp

Filesize
128KB

Download