06677682a20e7e9c32749a8510ec8fe2a6f53076f005f7d5317ebaf458914286 | Triage

Analysis

max time kernel
149s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 07:04

Sharing

Report Analysis Logs

General

Target

0d861296602f57a92df140c1a9873190.dll
Size

2.0MB
MD5

0d861296602f57a92df140c1a9873190
SHA1

9b1baa198cc50bb092c115fef5ea6bb701728644
SHA256

06677682a20e7e9c32749a8510ec8fe2a6f53076f005f7d5317ebaf458914286
SHA512

e8bf1eb5504f29fa2f200605dce63be3f55a3cfa44ec328c2e388462c6cf5e34357929c9d42847c7c1a3669b22ca6510f0f6629d42666908bf695254f3e32649
SSDEEP

49152:B9GPO5KYFTLTVIjpKLI1fz3qe621Si3QzJju0:ZVecMF

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2292 wrote to memory of 1900	2292	rundll32.exe	14
PID 2292 wrote to memory of 1900	2292	rundll32.exe	14
PID 2292 wrote to memory of 1900	2292	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0d861296602f57a92df140c1a9873190.dll,#1
1⤵
PID:1900

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0d861296602f57a92df140c1a9873190.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2292

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads