2b6d4ef6ca6f7e2bb23f8d88c2b24f6cb2f3b54ba0a2e81179baf54b2e19a926

Analysis

max time kernel
157s
max time network
168s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
13/03/2024, 21:18

Target

c6e12e9c8057c6aaa3f9702a28558abd.dll
Size

312KB
MD5

c6e12e9c8057c6aaa3f9702a28558abd
SHA1

fc517bd7fcba5d1c2113c31e659865a4229becb0
SHA256

2b6d4ef6ca6f7e2bb23f8d88c2b24f6cb2f3b54ba0a2e81179baf54b2e19a926
SHA512

d9f6dce1f83a22135ea0f3ce61dcc070119d631a42672a5229147d8bd1c10bdfc3da924a087c1211aaa1c011ea87028a9abe25d516944324cb544c090ec34004
SSDEEP

3072:fpWe5vAIq4cKeCI6KTzDjTKApHbhAqu5bP9KOybjF+Vt4vlxkOgTwKKBWI8UFtPx:fpKI26s77haVI380TXCoCen

Score

1^/10

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
220	rundll32.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
220	rundll32.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
220	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5060 wrote to memory of 220	5060	rundll32.exe	87
PID 5060 wrote to memory of 220	5060	rundll32.exe	87
PID 5060 wrote to memory of 220	5060	rundll32.exe	87

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c6e12e9c8057c6aaa3f9702a28558abd.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5060
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c6e12e9c8057c6aaa3f9702a28558abd.dll,#1
  2⤵
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:220