9fdd57539a0ef4f7cbdde6057dca711f466779d4e32ba3493d945b6ad2e26f51

Analysis

max time kernel
151s
max time network
175s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 00:24

Target

2199577af9c4c5e3475784dc2e60af6a.dll
Size

85KB
MD5

2199577af9c4c5e3475784dc2e60af6a
SHA1

fe38b69c7cb01fd726837636e18049d9831dd156
SHA256

9fdd57539a0ef4f7cbdde6057dca711f466779d4e32ba3493d945b6ad2e26f51
SHA512

d60793a8b468c8885c053f1aeeca5df7db38df29d6a6e20842b729bda6b6c7c19bee76e7406c1a469b35e8efba3b357c372f8cacf468ca8d36312ee47d8f04db
SSDEEP

1536:t5Zd1CG33MD2mmg29+2Oa0OYziAha31N2cqHk5LVxxqpQjYw44A7wcRAP5i7Di1x:93Bn/R9+jYY7+wHmxxQMYw44AscRs29y

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1708	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2068 wrote to memory of 1708	2068	rundll32.exe	90
PID 2068 wrote to memory of 1708	2068	rundll32.exe	90
PID 2068 wrote to memory of 1708	2068	rundll32.exe	90

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2199577af9c4c5e3475784dc2e60af6a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2068
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2199577af9c4c5e3475784dc2e60af6a.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1708

memory/1708-0-0x0000000010000000-0x0000000010020000-memory.dmp

Filesize
128KB

Download
memory/1708-1-0x0000000000FA0000-0x0000000000FAF000-memory.dmp

Filesize
60KB

Download
memory/1708-2-0x0000000010000000-0x0000000010020000-memory.dmp

Filesize
128KB

Download
memory/1708-3-0x0000000010000000-0x0000000010020000-memory.dmp

Filesize
128KB

Download
memory/1708-5-0x0000000010000000-0x0000000010020000-memory.dmp

Filesize
128KB

Download
memory/1708-6-0x0000000010000000-0x0000000010020000-memory.dmp

Filesize
128KB

Download