158f3c3528c16da73c03de0f7861b8edf34d83944b562a95c29c838aa6b6683c | Triage

Analysis

max time kernel
176s
max time network
201s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-12-2023 06:54

Sharing

Report Analysis Logs

General

Target

0cfe04a7f3c02b337d6431a09ecb53d3.dll
Size

1.6MB
MD5

0cfe04a7f3c02b337d6431a09ecb53d3
SHA1

f8c6f07048094b587f1effd72a0b104104019187
SHA256

158f3c3528c16da73c03de0f7861b8edf34d83944b562a95c29c838aa6b6683c
SHA512

9f4f62a11bcf6c589577ca2599e717bca67c6d317038f52b1a8c399aefd9b2d5af51f01b0f2b4952d33ca9882273b35a0d78ee9fcc2a20e206718a5044a0d1fd
SSDEEP

49152:CQCSu/0J3tCieDgdd/sQxKbtjQMFGuncy:/Cz/0J3tCitmbtiy

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5008 wrote to memory of 5036	5008	rundll32.exe	91
PID 5008 wrote to memory of 5036	5008	rundll32.exe	91
PID 5008 wrote to memory of 5036	5008	rundll32.exe	91

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0cfe04a7f3c02b337d6431a09ecb53d3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5008
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0cfe04a7f3c02b337d6431a09ecb53d3.dll,#1
  2⤵
  PID:5036

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads