45dabb1572563f21f86b2706944d7ef1b5cf34a2661f7ae2a1578fa35a3f4fef

Analysis

max time kernel
91s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
04/02/2024, 20:04

Target

9008315c2bfaa5ef3c9a79a232583fdc.dll
Size

89KB
MD5

9008315c2bfaa5ef3c9a79a232583fdc
SHA1

8741bdb515ae7f0800e4b71e6a533676b3505e3a
SHA256

45dabb1572563f21f86b2706944d7ef1b5cf34a2661f7ae2a1578fa35a3f4fef
SHA512

167cfdbd2b18606a6619ab9b70825fb358b1763bf97c2111580aef37d01330c8dce345ec359b30984b0be4f276ff71203932d9361a2df41d1087b78fcf105f18
SSDEEP

1536:EbGFDQyACpzyYqnBSS6iflLoNCJOyYoGUIFc3Wb++/zVeOvg55q59:EbEHyYqnB86qCR3IFc3WCWoX4/

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2616	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4700 wrote to memory of 2616	4700	rundll32.exe	86
PID 4700 wrote to memory of 2616	4700	rundll32.exe	86
PID 4700 wrote to memory of 2616	4700	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9008315c2bfaa5ef3c9a79a232583fdc.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4700
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9008315c2bfaa5ef3c9a79a232583fdc.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2616

memory/2616-0-0x0000000000B00000-0x0000000000B0A000-memory.dmp

Filesize
40KB

Download