24d8fc7fb4f4bf3430051afc3bce6b9ed1d085b96da0753a4430621785a343b1 | Triage

Analysis

max time kernel
148s
max time network
70s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24/12/2023, 18:43

Sharing

Report Analysis Logs

General

Target

0cc5240ca4c55c10f2fc0ee97838170a.dll
Size

501KB
MD5

0cc5240ca4c55c10f2fc0ee97838170a
SHA1

f278ccd01dfd61dc8da13b748fa7fabfb086d402
SHA256

24d8fc7fb4f4bf3430051afc3bce6b9ed1d085b96da0753a4430621785a343b1
SHA512

76ecc66ff748157df57e3f056964e56adc167e063834447002951db7828330901e74e28d119c1ad580b48e5773883c6e46bc36369d20f42d82afdac8fcd5acca
SSDEEP

12288:lMwoqMor3PaP2MlCkSvGYkGaNzQitR7N7g:lKPxlpllpg

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4644 wrote to memory of 1264	4644	rundll32.exe	16
PID 4644 wrote to memory of 1264	4644	rundll32.exe	16
PID 4644 wrote to memory of 1264	4644	rundll32.exe	16

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0cc5240ca4c55c10f2fc0ee97838170a.dll,#1
1⤵
PID:1264

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0cc5240ca4c55c10f2fc0ee97838170a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4644

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads