86f8f8b0208391fff437a676a2785a304eb2dcb4d4e792caceb38188c9f23480

Analysis

max time kernel
92s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
26-12-2023 12:57

Target

704708491038f0446cbd5cb83d87dbe6.dll
Size

66KB
MD5

704708491038f0446cbd5cb83d87dbe6
SHA1

26bfa044c030051c3662ca70faf1c171c6169e5a
SHA256

86f8f8b0208391fff437a676a2785a304eb2dcb4d4e792caceb38188c9f23480
SHA512

f6bd6fb8ea22c2545d4d9075f1ac148f9b0fbd891d02eb3f6012ab82b6d998093fa2eb8659fce96197067be763011cc52e6875dc50bac0a94e9bd9df761e9386
SSDEEP

1536:iv0VDKj+49DZovcvffMdaUE1ViNmQ+Uw95qGj7SVO4tP:S0VN4hZPnMA7EllwD1qO4tP

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
228	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4616 wrote to memory of 228	4616	rundll32.exe	16
PID 4616 wrote to memory of 228	4616	rundll32.exe	16
PID 4616 wrote to memory of 228	4616	rundll32.exe	16

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\704708491038f0446cbd5cb83d87dbe6.dll,#1
1⤵
- Suspicious use of SetWindowsHookEx
PID:228

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\704708491038f0446cbd5cb83d87dbe6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4616

memory/228-1-0x0000000001DC0000-0x0000000001E4D000-memory.dmp

Filesize
564KB

Download
memory/228-3-0x0000000010000000-0x000000001001E000-memory.dmp

Filesize
120KB

Download
memory/228-2-0x0000000010000000-0x000000001001E000-memory.dmp

Filesize
120KB

Download
memory/228-0-0x0000000010000000-0x000000001001E000-memory.dmp

Filesize
120KB

Download
memory/228-5-0x0000000001DC0000-0x0000000001E4D000-memory.dmp

Filesize
564KB

Download
memory/228-4-0x0000000010000000-0x000000001001E000-memory.dmp

Filesize
120KB

Download