55159e484aa06404cb81d13a040d38106111ed11626ca2204ddb22ad1d3bc003

Analysis

max time kernel
137s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
12/10/2023, 06:51

Target

55159e484aa06404cb81d13a040d38106111ed11626ca2204ddb22ad1d3bc003.dll
Size

554KB
MD5

d55696126d68155399f77fa493012777
SHA1

e0ad34107f0cf7f1e276953da602304d41de3d4c
SHA256

55159e484aa06404cb81d13a040d38106111ed11626ca2204ddb22ad1d3bc003
SHA512

35471b7e02d5461b3f6822bc00440fd7437cf12edf31b41c6ea041e2c87cc9d123938a862865234ffe70a70cd1c9fbca675e8721d99d3fee416071b73af758d0
SSDEEP

12288:PtV4YM59F3eKlIItRxDaJYi1zQN6XwGtfbyN7FBd3X3uggN:FV4YM5re+IItRJaDQNuRtD0Bd3X3x

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5060 wrote to memory of 2772	5060	rundll32.exe	82
PID 5060 wrote to memory of 2772	5060	rundll32.exe	82
PID 5060 wrote to memory of 2772	5060	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\55159e484aa06404cb81d13a040d38106111ed11626ca2204ddb22ad1d3bc003.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5060
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\55159e484aa06404cb81d13a040d38106111ed11626ca2204ddb22ad1d3bc003.dll,#1
  2⤵
  PID:2772

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact