49bc7f58c3ec1a611c356a9c6112322dbc696c3af0ca74a0649ec2a22d67ceee

Analysis

max time kernel
90s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
19/01/2024, 08:34

Target

672ada9cfe872ff884347cb28c96fc6c.dll
Size

53KB
MD5

672ada9cfe872ff884347cb28c96fc6c
SHA1

1137d6445f1728698f603885ec734bc34c7d7500
SHA256

49bc7f58c3ec1a611c356a9c6112322dbc696c3af0ca74a0649ec2a22d67ceee
SHA512

2843d2510c7d9ff96efb2bfb34b043285b2e1dc3d27cb33a59d8efe326d5fdfea542fe238957f720276d75e91f4aa9310177e02efa051a92e7b66fbc0330374b
SSDEEP

768:eKSyqu1E0GQgY6OCt2eMjtdZEvrgYYOw355881MZ/wiLxYuXAo5zOR+T4:6yqu1E0GQL5PtMF05dFiL3XAi68

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3296	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1688 wrote to memory of 3296	1688	rundll32.exe	71
PID 1688 wrote to memory of 3296	1688	rundll32.exe	71
PID 1688 wrote to memory of 3296	1688	rundll32.exe	71

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\672ada9cfe872ff884347cb28c96fc6c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1688
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\672ada9cfe872ff884347cb28c96fc6c.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:3296

memory/3296-0-0x00000000007E0000-0x00000000007F3000-memory.dmp

Filesize
76KB

Download