6e2e280adee39c5f714f4d12e06521b4c84afe77bcbce81ea61e6e2ad3222b9f | Triage

Analysis

max time kernel
149s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24/12/2023, 17:23

Sharing

Report Analysis Logs

General

Target

085102ea383b8b483637b30613be27c8.dll
Size

2KB
MD5

085102ea383b8b483637b30613be27c8
SHA1

28d75ab18438a63c04d1cd069390e8a901939d53
SHA256

6e2e280adee39c5f714f4d12e06521b4c84afe77bcbce81ea61e6e2ad3222b9f
SHA512

4e644a2fddf29a267b1a80df5072250b8f78b2082b043d74195ebfd6ca737c81094792dfdf58e6fcef9e5ba9b6fbffb6b57b1ba0b666c05c19e5df1121c74fdd

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2428 wrote to memory of 2748	2428	rundll32.exe	48
PID 2428 wrote to memory of 2748	2428	rundll32.exe	48
PID 2428 wrote to memory of 2748	2428	rundll32.exe	48

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\085102ea383b8b483637b30613be27c8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2428
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\085102ea383b8b483637b30613be27c8.dll,#1
  2⤵
  PID:2748

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads