cabcfb8390c79444b88b0221667ab670dac60fdf79a50ca6fd1feeb04eb4dd6f | Triage

Analysis

max time kernel
163s
max time network
178s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24-12-2023 20:25

Sharing

Report Analysis Logs

General

Target

10c1710bcf3c902a977c819db7841cf7.dll
Size

52KB
MD5

10c1710bcf3c902a977c819db7841cf7
SHA1

d2d74934d126071db9e4b04625a1c51dade76899
SHA256

cabcfb8390c79444b88b0221667ab670dac60fdf79a50ca6fd1feeb04eb4dd6f
SHA512

4442ecb25771b6f8ccb28192c6aa997b33485ee659b85b720ce1f7a951ce6d6796d3b11d31614fabef13f013372332177982b4939b10ef9b6b43af8f3065a9da
SSDEEP

1536:d5KW7W/hL4uK/EhpbdzNVMWYP/QLhknH6:M/hMuwEhpbdxVzjh+6

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3100 wrote to memory of 712	3100	rundll32.exe	89
PID 3100 wrote to memory of 712	3100	rundll32.exe	89
PID 3100 wrote to memory of 712	3100	rundll32.exe	89

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\10c1710bcf3c902a977c819db7841cf7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3100
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\10c1710bcf3c902a977c819db7841cf7.dll,#1
  2⤵
  PID:712

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads