Analysis
max time kernel: 147s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240226-en locale:en-us os:windows10-2004-x64 system
submitted: 14/03/2024, 11:27
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
c880d1fd6644b71e1c613c3ab6366a6c.dll
Resource
win7-20240221-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
c880d1fd6644b71e1c613c3ab6366a6c.dll
Resource
win10v2004-20240226-en
2 signatures
150 seconds
General
Target: c880d1fd6644b71e1c613c3ab6366a6c.dll
Size: 86KB
MD5: c880d1fd6644b71e1c613c3ab6366a6c
SHA1: 87ceee4ea2e0746211fb13fa268c935c4199f292
SHA256: c6f6f62d01e15ed0688d60386c4b077e194c27dfd8748491e4046751c40c70a9
SHA512: dc10bf8e6960e670c2c73c6a1d7a5f1494ca3f528a71aceaad30bdaf2ac806a0ce935756e0148f1c8c78d626c1c77d38afdfe2a48c52d18239f2f53a63cbf471
SSDEEP: 1536:aTqVcN616xM0fah27Ys2B+Tn9kMynjviFHND5QKUppmozJLzu:3+6oH2cdyjnjkQVmWJ+
Score
1/10
Malware Config
Signatures
Suspicious use of SetWindowsHookEx (2 IoCs)
pid   Process
2036  rundll32.exe
2036  rundll32.exe
Suspicious use of WriteProcessMemory (3 IoCs)
description                       pid   Process       procid_target
PID 1388 wrote to memory of 2036  1388  rundll32.exe  87
PID 1388 wrote to memory of 2036  1388  rundll32.exe  87
PID 1388 wrote to memory of 2036  1388  rundll32.exe  87
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c880d1fd6644b71e1c613c3ab6366a6c.dll,#1
- Suspicious use of WriteProcessMemory
PID: 1388
  C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c880d1fd6644b71e1c613c3ab6366a6c.dll,#1
  - Suspicious use of SetWindowsHookEx
  PID: 2036