1e44344a2859aea00d7b4a1b95484e92973d3f4fca0a336ade6faba0991fac19

Analysis

max time kernel
147s
max time network
132s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 05:26

Target

29f4f5268d8fb3e0516a9b107bd1cee9.dll
Size

92KB
MD5

29f4f5268d8fb3e0516a9b107bd1cee9
SHA1

79483b71ef2c9b0598bac9483c3dacbb4fff6a07
SHA256

1e44344a2859aea00d7b4a1b95484e92973d3f4fca0a336ade6faba0991fac19
SHA512

54869cb9aee7cda59dc304779b999af396e6daf38aa57e6798dbbcd6d127cfd1e8f6f39f062df727a1937ed063ffe28bc9cc68985dd68389d45607fdedc8fd6d
SSDEEP

1536:RMtQwcyWOGVHlomOC/9TxmkAI7k4UH0RJIWn5ywe6yI5O2k1zng8AHi7zfCRhqDE:SyVHKmOClrJRieee55k1D9qMWhWp8

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1460	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1348 wrote to memory of 1460	1348	rundll32.exe	14
PID 1348 wrote to memory of 1460	1348	rundll32.exe	14
PID 1348 wrote to memory of 1460	1348	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\29f4f5268d8fb3e0516a9b107bd1cee9.dll,#1
1⤵
- Suspicious use of SetWindowsHookEx
PID:1460

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\29f4f5268d8fb3e0516a9b107bd1cee9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1348

memory/1460-0-0x0000000010000000-0x0000000010023000-memory.dmp

Filesize
140KB

Download
memory/1460-4-0x0000000010000000-0x0000000010023000-memory.dmp

Filesize
140KB

Download
memory/1460-3-0x0000000010000000-0x0000000010023000-memory.dmp

Filesize
140KB

Download
memory/1460-2-0x0000000010000000-0x0000000010023000-memory.dmp

Filesize
140KB

Download
memory/1460-1-0x0000000002510000-0x0000000002522000-memory.dmp

Filesize
72KB

Download