78d7316f8461e6c2e73cab0280f9ad32be804c81a60de38a38581c51c82c3ef0

Analysis

max time kernel
143s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30-12-2023 08:21

Target

13496c60f01311151923a17b50a90f88.dll
Size

50KB
MD5

13496c60f01311151923a17b50a90f88
SHA1

8d3d97eb002d63dec42a1435306fedd877e5be3c
SHA256

78d7316f8461e6c2e73cab0280f9ad32be804c81a60de38a38581c51c82c3ef0
SHA512

0cf415b3657f7cf49d74d20e606373d42d7dd60d2ed96b78a730a28aed8a2186939547cb0a1f1ed9286e80737ddc65b99ab295ae04747849416ce04af7dbac6d
SSDEEP

768:+jOHxct1hQ9+s1Ywy2zEo8bhe4KmzBgyvVKk18fM516QiJ5B0G:rx3UsLPzwtBgYb516QiJ5X

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2692	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3556 wrote to memory of 2692	3556	rundll32.exe	88
PID 3556 wrote to memory of 2692	3556	rundll32.exe	88
PID 3556 wrote to memory of 2692	3556	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\13496c60f01311151923a17b50a90f88.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3556
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\13496c60f01311151923a17b50a90f88.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2692

memory/2692-0-0x0000000077312000-0x0000000077313000-memory.dmp

Filesize
4KB

Download
memory/2692-1-0x0000000000E20000-0x0000000000E21000-memory.dmp

Filesize
4KB

Download
memory/2692-3-0x0000000000DC0000-0x0000000000DC1000-memory.dmp

Filesize
4KB

Download
memory/2692-2-0x0000000000E00000-0x0000000000E01000-memory.dmp

Filesize
4KB

Download
memory/2692-4-0x0000000077312000-0x0000000077313000-memory.dmp

Filesize
4KB

Download
memory/2692-5-0x0000000000210000-0x0000000000224000-memory.dmp

Filesize
80KB

Download