bd958f6dc89bd51556670a9d088c042038ddb4d5382bd0afc0e16a3fce61fbd2

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 08:50

Target

6135b7bbc1be847aee54b6fae9b487fe.dll
Size

63KB
MD5

6135b7bbc1be847aee54b6fae9b487fe
SHA1

eb2a11c615e04b0a527835600f7607e9cfebd5d7
SHA256

bd958f6dc89bd51556670a9d088c042038ddb4d5382bd0afc0e16a3fce61fbd2
SHA512

7de439b3535b95a4b124c0bf6561bb07597637e65d6e29a71a2c556a7d13ca85b471da0924679433e9cbd2c2e4d21e7e9c2f2f5b6945721f14895a2c5f1f2529
SSDEEP

1536:NfODSoPcdLh57ZDKVjqlVWrRc8rHmPDxTqotMU+:NfjoYX7ZDKkurTUDxTqoGU+

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4612	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4920 wrote to memory of 4612	4920	rundll32.exe	14
PID 4920 wrote to memory of 4612	4920	rundll32.exe	14
PID 4920 wrote to memory of 4612	4920	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6135b7bbc1be847aee54b6fae9b487fe.dll,#1
1⤵
- Suspicious use of SetWindowsHookEx
PID:4612

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6135b7bbc1be847aee54b6fae9b487fe.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4920

memory/4612-1-0x0000000010000000-0x000000001001E000-memory.dmp

Filesize
120KB

Download
memory/4612-3-0x0000000000F50000-0x0000000000FDC000-memory.dmp

Filesize
560KB

Download
memory/4612-2-0x0000000010000000-0x000000001001E000-memory.dmp

Filesize
120KB

Download
memory/4612-0-0x0000000010000000-0x000000001001E000-memory.dmp

Filesize
120KB

Download
memory/4612-4-0x0000000010000000-0x000000001001E000-memory.dmp

Filesize
120KB

Download