50a367ed89b4d24b421a054ee93c2c43fd7e0a6a4d065364e1f5966a73252162 | Triage

Analysis

max time kernel
147s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 01:20

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

20093b62d6b7190469a375673810335f.dll
Size

34KB
MD5

20093b62d6b7190469a375673810335f
SHA1

69adbbe04512a3f20433797b3c7cf5833ef46863
SHA256

50a367ed89b4d24b421a054ee93c2c43fd7e0a6a4d065364e1f5966a73252162
SHA512

6c0ec5564f6312a7cb20cf76421fea8a39f70b15bd0dc1d1c3710ada6a7c3f7169c1dcb0d8bb15a9b5fdf05bd4dbc47a7466c70bfe3f07ebee5564027339c38a
SSDEEP

768:ZpJOcSsphT92HPYXzNj75ZMfC5Chw09FRst5:DJOHeT8Hm75ZM6U6yFRc5

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4764 wrote to memory of 3700	4764	rundll32.exe	88
PID 4764 wrote to memory of 3700	4764	rundll32.exe	88
PID 4764 wrote to memory of 3700	4764	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\20093b62d6b7190469a375673810335f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4764
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\20093b62d6b7190469a375673810335f.dll,#1
  2⤵
  PID:3700

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads