86dabd438734f81d03f76db01608c4f0b0fbcbcb0a69c6219e7673f809d85445 | Triage

Analysis

max time kernel
144s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
07/11/2023, 14:33

Sharing

Report Analysis Logs

General

Target

libdns.dll
Size

2.1MB
MD5

8eb0dbc10cd76e87835e2a146a19a0e1
SHA1

fc8c07ecca03dcc2f298f8af5a49193cc8824434
SHA256

3340ba1f5f8574473a80f4af19154c4eeeb878f3db327f2761591d8e21a85526
SHA512

c5bee7c7fbefeec8a5858aa2f87f378bd866d4bfd7ae435e48e4544f233cbe42720284f1b47a6799df276b98009df63e1e96cd32f54faf4a7922fb4f718fd599
SSDEEP

24576:1v0BgdJSgctMjFRc/0ujr2mm3b7TwnV0ghSzfsPeeKKZpmPu0Jt0Zc:6wSJtMrcCfU3hSzfsP9pmPu0ac

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 860 wrote to memory of 3804	860	rundll32.exe	86
PID 860 wrote to memory of 3804	860	rundll32.exe	86
PID 860 wrote to memory of 3804	860	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\libdns.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:860
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\libdns.dll,#1
  2⤵
  PID:3804

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3804-0-0x0000000010000000-0x00000000102F7000-memory.dmp

Filesize
3.0MB

Download