2e66283f8b0a68a81eb41cdbed6d77099d2c3d1e8fc14bc7508ddaf1be1373cb

Analysis

max time kernel
142s
max time network
134s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
13/03/2024, 23:06

Target

c71369c4de64e76f34b3cbb29bf21ef4.dll
Size

73KB
MD5

c71369c4de64e76f34b3cbb29bf21ef4
SHA1

872e18865ce3e386727c9ef4b34f2b776d5979b2
SHA256

2e66283f8b0a68a81eb41cdbed6d77099d2c3d1e8fc14bc7508ddaf1be1373cb
SHA512

0e8ec350e4536175faf222e95d48dfe787390d8498da7d0b3d1d7154713797278347a30191b4da7ee1d2d18101f4f2cb970638f5e3a7a667388cdc7b71b3c5e9
SSDEEP

1536:vuOCHlx4YfdFs7neO1udigaIkGd8XkmsvnJNVgIATL88Cgh3HjAgMG:ilxtdFOneO1udXAXPggTL0C3HjXMG

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
776	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2152 wrote to memory of 776	2152	rundll32.exe	88
PID 2152 wrote to memory of 776	2152	rundll32.exe	88
PID 2152 wrote to memory of 776	2152	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c71369c4de64e76f34b3cbb29bf21ef4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2152
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c71369c4de64e76f34b3cbb29bf21ef4.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:776

memory/776-0-0x0000000010000000-0x0000000010020000-memory.dmp

Filesize
128KB

Download
memory/776-1-0x0000000000890000-0x0000000000895000-memory.dmp

Filesize
20KB

Download
memory/776-2-0x0000000010000000-0x0000000010020000-memory.dmp

Filesize
128KB

Download
memory/776-4-0x0000000000890000-0x0000000000895000-memory.dmp

Filesize
20KB

Download