9ceccfa46e05b5fcac1f2e70506d4ef4e3894b2dbac6262d69dd2c80bd727027

Analysis

max time kernel
92s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
19-01-2024 14:25

Target

67d8c00f09043f84ab79b1850aa78e22.dll
Size

296KB
MD5

67d8c00f09043f84ab79b1850aa78e22
SHA1

50241d24e751105a8acaedf069a13c9f2d27df61
SHA256

9ceccfa46e05b5fcac1f2e70506d4ef4e3894b2dbac6262d69dd2c80bd727027
SHA512

34d6ff74ba4a8a2ba78956223c33d689e87b0a5cae4d1fc9fac24176bbacf047faf39579f805c1b9c6bddeeabf47f46d554dfe5892757b959bc610f26e6e18ee
SSDEEP

6144:PrBgLyuERC0g1q+Cx7OJedJCMff8zdbMVhpmBfO8nRbP18lu14cAkRTKYcj2:diynRDbxu8JCM30dMVhsfDbd8+Z02

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5100	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2024 wrote to memory of 5100	2024	rundll32.exe	86
PID 2024 wrote to memory of 5100	2024	rundll32.exe	86
PID 2024 wrote to memory of 5100	2024	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\67d8c00f09043f84ab79b1850aa78e22.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2024
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\67d8c00f09043f84ab79b1850aa78e22.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:5100

memory/5100-0-0x0000000010000000-0x000000001009E000-memory.dmp

Filesize
632KB

Download
memory/5100-1-0x00000000001F0000-0x00000000001F5000-memory.dmp

Filesize
20KB

Download
memory/5100-2-0x0000000010000000-0x000000001009E000-memory.dmp

Filesize
632KB

Download
memory/5100-3-0x00000000001F0000-0x00000000001F5000-memory.dmp

Filesize
20KB

Download