a2bc5372658351f1f8442a9820c2f29a3cbaa1e19df6adc8ad6861932266ffb7

Analysis

max time kernel
146s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
09/01/2024, 03:06

Target

foredu.com demo software/xSpeed.net/softsp.dll
Size

6KB
MD5

5e20df350a99680a30cdd18f641a1997
SHA1

7d82c5857010ee7af9db773f46a4ac17ebf571a2
SHA256

786b4865ba3d3a84e03ad53cc0f696dacb71073620094ce18e08851ddcb90a90
SHA512

fada598881ace3be2153f811a9556394b335a2eb6eeff97ca6b0d59df07d832f862a820ed762895ccea186c043eff7fd8dfa29e60223b245056da25c2c1912f7
SSDEEP

96:QN+wcGgn121d1b1EBD0eRFHmL8lBKpnD6QhfDYuYAq7MgNQf3X3X3frPf3lJxeI:QwwRK121d1Bw1RFGL8clEuYx7MAQnT9N

Score

1^/10

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3540	rundll32.exe
3540	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 560 wrote to memory of 3540	560	rundll32.exe	19
PID 560 wrote to memory of 3540	560	rundll32.exe	19
PID 560 wrote to memory of 3540	560	rundll32.exe	19

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\foredu.com demo software\xSpeed.net\softsp.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:560
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\foredu.com demo software\xSpeed.net\softsp.dll",#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:3540