3cd245d944c5f73837b0e1cea7d63efba4aeb76ab3bd026c517c0066e7401069 | Triage

Analysis

max time kernel
135s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
02/05/2023, 15:02

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

aMS8jtw13s6.dll
Size

356KB
MD5

9ed2d5a1cf22f9cb54f9dabcfdcfc22f
SHA1

a85789a8fe10ad7e7b5418f8aaddbffd1c4b7b96
SHA256

3cd245d944c5f73837b0e1cea7d63efba4aeb76ab3bd026c517c0066e7401069
SHA512

477ee21ad9d8e284908627434b6edbd818ff7b3c907e3f2e7e6bff685129c2bcc828eb75ab10413863859d3388eec8f689a62c2f07666e073d2ec83173cd5213
SSDEEP

6144:Wndn8N6mSH77nGcRirEEgpOKqG4X7TBjpXNXpvvypNOcVWC:K82NRixfz/3RNANtN

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4776 wrote to memory of 4416	4776	rundll32.exe	82
PID 4776 wrote to memory of 4416	4776	rundll32.exe	82
PID 4776 wrote to memory of 4416	4776	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\aMS8jtw13s6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4776
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\aMS8jtw13s6.dll,#1
  2⤵
  PID:4416

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads