50396e0da5e838ded5c8f708eef8ccc92bdbebcb868009fee1cb63d38aa0a133

Analysis

max time kernel
147s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
11/01/2024, 04:28

Target

5288c458e6c4c6656d1a8d5bb7c393da.dll
Size

43KB
MD5

5288c458e6c4c6656d1a8d5bb7c393da
SHA1

983f21c01c21865359c39a32268378face979c4a
SHA256

50396e0da5e838ded5c8f708eef8ccc92bdbebcb868009fee1cb63d38aa0a133
SHA512

ba0002c4fba62e192ddf29c0894cd0f943ddafcf71913f40755ffeb0585b75f76e8492229c4059a9ed374486f7b8180d6dab5c7c502fbdca435b71288742a451
SSDEEP

768:GMCpqFQ6wKG1iW1McP6E7C9+CSdM3xFKjVG/4HXL12pA4Sw8DeLS8x:wpqFQTPCcP/CSdHmg/ox

Score

1^/10

Suspicious behavior: EnumeratesProcesses 8 IoCs

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4652	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3044 wrote to memory of 4652	3044	rundll32.exe	90
PID 3044 wrote to memory of 4652	3044	rundll32.exe	90
PID 3044 wrote to memory of 4652	3044	rundll32.exe	90

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5288c458e6c4c6656d1a8d5bb7c393da.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3044
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5288c458e6c4c6656d1a8d5bb7c393da.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:4652

memory/4652-0-0x0000000000560000-0x000000000056E000-memory.dmp

Filesize
56KB

Download
memory/4652-1-0x0000000077D52000-0x0000000077D53000-memory.dmp

Filesize
4KB

Download
memory/4652-2-0x0000000077D52000-0x0000000077D53000-memory.dmp

Filesize
4KB

Download
memory/4652-3-0x0000000000560000-0x000000000056E000-memory.dmp

Filesize
56KB

Download