5314eb70a4d7c5842e3b9acc48cf5680db21db072990048a82373f53443218cf

Analysis

max time kernel
143s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
13/07/2023, 03:44

Target

5314eb70a4d7c5842e3b9acc48cf5680db21db072990048a82373f53443218cf.dll
Size

547KB
MD5

c42c4bc703b5333e2acf405d8e804fa9
SHA1

4099018e8f05d541166adb3ecc9962a4bed9ef53
SHA256

5314eb70a4d7c5842e3b9acc48cf5680db21db072990048a82373f53443218cf
SHA512

205a7a8edde01b5c4b4202a788ed52f9fb7423fffe8fdc86bf7ad322a72b20581b559ec5a20046104ac6c77589d7126efc6a808aa03f7cfd074843a3dc3e59ea
SSDEEP

12288:VIT/ka/9EkORmdiGfBZvcF1G7imHSRrQLc2XV6ma+JeU/2L9y50dfHCJBd3X3uI2:uT/ka/9ExRmd1fBZvcFA+mHS9Q42++JH

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4772 wrote to memory of 2108	4772	rundll32.exe	84
PID 4772 wrote to memory of 2108	4772	rundll32.exe	84
PID 4772 wrote to memory of 2108	4772	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5314eb70a4d7c5842e3b9acc48cf5680db21db072990048a82373f53443218cf.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4772
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5314eb70a4d7c5842e3b9acc48cf5680db21db072990048a82373f53443218cf.dll,#1
  2⤵
  PID:2108

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact