29ff4db31c821189775f54d3b0ff8c2ecc29535c39b8ee9a6f765a114e8631dc | Triage

Analysis

max time kernel
118s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24/12/2023, 15:13

Sharing

Report Analysis Logs

General

Target

033fafa9a3dcb8de5a349d05784fa70f.dll
Size

3KB
MD5

033fafa9a3dcb8de5a349d05784fa70f
SHA1

2611a8502d0e295f7c30f549e5381945072066ee
SHA256

29ff4db31c821189775f54d3b0ff8c2ecc29535c39b8ee9a6f765a114e8631dc
SHA512

5dc3ecb5c7ed716520e453d25ddd2a0a28b14414a3e02edd5a51cbdb26dbc46f1a9902e78bae76b999f224a6bfa18ce4c47a3252c288a51ecc1e62a311e79e33

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5032 wrote to memory of 3620	5032	rundll32.exe	87
PID 5032 wrote to memory of 3620	5032	rundll32.exe	87
PID 5032 wrote to memory of 3620	5032	rundll32.exe	87

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\033fafa9a3dcb8de5a349d05784fa70f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5032
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\033fafa9a3dcb8de5a349d05784fa70f.dll,#1
  2⤵
  PID:3620

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads