e3195c250694694bba05f321aa469dece69970c75a74288cf647a4a99618204a | Triage

Analysis

max time kernel
141s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 06:13

Sharing

Report Analysis Logs

General

Target

0ac87a3896d78b15606283427e3f2992.dll
Size

83KB
MD5

0ac87a3896d78b15606283427e3f2992
SHA1

379a7fb92eb525472f5d4f222c71ebc02d1db02a
SHA256

e3195c250694694bba05f321aa469dece69970c75a74288cf647a4a99618204a
SHA512

fbe218d47138f0ad30040989a2f30fb1e3931a89fd5f4d81b84c5ac236ecb21903b0ca04a80210afc473d7defb4fc48fc680d65e992c5e2b9b851b7ce7d3cf69
SSDEEP

1536:c1QwmRg85Yzhr0WsxAyxNXVhbJ/zzW5n/u8K3lT:EAg8mzhrenHFhbJXWV//+

Score

1^/10

Malware Config

Signatures

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2360	rundll32.exe
2360	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5096 wrote to memory of 2360	5096	rundll32.exe	14
PID 5096 wrote to memory of 2360	5096	rundll32.exe	14
PID 5096 wrote to memory of 2360	5096	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0ac87a3896d78b15606283427e3f2992.dll,#1
1⤵
- Suspicious use of SetWindowsHookEx
PID:2360

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0ac87a3896d78b15606283427e3f2992.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5096

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2360-0-0x0000000010000000-0x0000000010027000-memory.dmp

Filesize
156KB

Download
memory/2360-1-0x0000000010000000-0x0000000010027000-memory.dmp

Filesize
156KB

Download
memory/2360-2-0x0000000010000000-0x0000000010027000-memory.dmp

Filesize
156KB

Download