7d695e95afbcf649e04d02822989ed38f0b774f86c4830bce0e6f193413e6efd

Analysis

max time kernel
143s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
26/03/2024, 13:02

Target

df3bea0b1833cb86955b90fef9c4e449.dll
Size

306KB
MD5

df3bea0b1833cb86955b90fef9c4e449
SHA1

19fea5ccf8b953e0a8dcf30a92038b597ef9f26e
SHA256

7d695e95afbcf649e04d02822989ed38f0b774f86c4830bce0e6f193413e6efd
SHA512

6095dcf0ad8d8b61328ccacec28f588387ddc350ee3e775026b1529a94826d55d1484b3bf4571b97620e15cdfa8f15735983b7e8e26da26454d5b0c384b45670
SSDEEP

3072:UXSqJqQwOpVQYHJUg5yC1mjaZM+aMSw1flZwK2RL2b1VvgseS/SxRqYkTeZTyiVp:IJqOVKgv1XPZ72EkqYR1ddeqdjX5

Score

1^/10

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3320	rundll32.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
3320	rundll32.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3320	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 896 wrote to memory of 3320	896	rundll32.exe	88
PID 896 wrote to memory of 3320	896	rundll32.exe	88
PID 896 wrote to memory of 3320	896	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\df3bea0b1833cb86955b90fef9c4e449.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:896
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\df3bea0b1833cb86955b90fef9c4e449.dll,#1
  2⤵
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:3320