eb1fb51f53137679acf61d6cb08a78bbcbdea2e78da1b111257d33396e81ccaa | Triage

Analysis

max time kernel
156s
max time network
172s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
15/10/2023, 14:34

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2705e04145a7c70a8d98db463242bb30_dll32_JC.dll
Size

6KB
MD5

2705e04145a7c70a8d98db463242bb30
SHA1

1d1cfaf6da9ae02f2cc58f7c67f8db1ac59ef0f2
SHA256

eb1fb51f53137679acf61d6cb08a78bbcbdea2e78da1b111257d33396e81ccaa
SHA512

395720dab09e9ee1b78bdf383fde3bcb661c337420daf1c447979d1bc136d6e91dd9809db951af2c3a5290ac0d7e1fac0fc70cf29f2a20301c70c5179cc38283
SSDEEP

48:6amN5YVOy1VEvy/dw25M+e0fB+BDq9J5SzXH:Wy1VEvayP+vB+FqX5SzX

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5112 wrote to memory of 3384	5112	rundll32.exe	80
PID 5112 wrote to memory of 3384	5112	rundll32.exe	80
PID 5112 wrote to memory of 3384	5112	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2705e04145a7c70a8d98db463242bb30_dll32_JC.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5112
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2705e04145a7c70a8d98db463242bb30_dll32_JC.dll,#1
  2⤵
  PID:3384

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads