e2bfc1e3ffd6d570fa4435df12738854a6437a8e33eafdf9bd3dce4c64033102

Analysis

max time kernel
167s
max time network
174s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 09:25

Target

146e769adfd808757bf0e45b579a4bf1.dll
Size

305KB
MD5

146e769adfd808757bf0e45b579a4bf1
SHA1

19689875f1836b8d98a603dd8ff2eaf85b76f652
SHA256

e2bfc1e3ffd6d570fa4435df12738854a6437a8e33eafdf9bd3dce4c64033102
SHA512

59b557543bb00558956b7f63798ab2c5bf970036a409d1ec860eb45fbe8987d46aebb322c1a420d5d3430d78db33114d353672432f9ccd11b611b094e7518933
SSDEEP

6144:FASdtYQ9gif6KpS4CM0sXjs3E3BXdhVO5up38ePYIPr8y+GTYr3:JdDTe4pXjDtzOUpMefrnG

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2732	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1852 wrote to memory of 2732	1852	rundll32.exe	87
PID 1852 wrote to memory of 2732	1852	rundll32.exe	87
PID 1852 wrote to memory of 2732	1852	rundll32.exe	87

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\146e769adfd808757bf0e45b579a4bf1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1852
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\146e769adfd808757bf0e45b579a4bf1.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2732

memory/2732-0-0x0000000010000000-0x000000001009F000-memory.dmp

Filesize
636KB

Download
memory/2732-1-0x0000000010000000-0x000000001009F000-memory.dmp

Filesize
636KB

Download