1250d406fdd3a348320407bade6c9ec449abef73792fc7815029b689557ee227 | Triage

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
24/12/2023, 15:55

Sharing

Report Analysis Logs

General

Target

0481a685d2b037100f3090e96653012b.dll
Size

31KB
MD5

0481a685d2b037100f3090e96653012b
SHA1

5a3b5f4d604390db1b037971843a95d75fe1d972
SHA256

1250d406fdd3a348320407bade6c9ec449abef73792fc7815029b689557ee227
SHA512

95cca5315ed36836a168d97b78ed4614d006d3256783f3476001f36ce52c82a71f7b7b44b600bbeed4795e6e2c426cf0fb478bb0f8796bc19534aa21aa1ca677
SSDEEP

768:2o46l1Q2GkgTdNPFHDofb4gYh/4za6LHz:yc1p8HSkPhWzz

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1636 wrote to memory of 2400	1636	rundll32.exe	66
PID 1636 wrote to memory of 2400	1636	rundll32.exe	66
PID 1636 wrote to memory of 2400	1636	rundll32.exe	66

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0481a685d2b037100f3090e96653012b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1636
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0481a685d2b037100f3090e96653012b.dll,#1
  2⤵
  PID:2400

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2400-0-0x0000000074C40000-0x0000000074C4A000-memory.dmp

Filesize
40KB

Download