75aaeb31cc3dd8ffce62c9aee556d976a6a63479fd836e4a2460089a9dc8e1c8 | Triage

Analysis

max time kernel
143s
max time network
174s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 10:29

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

173f902f0c248e95d6d3b02f76c017ee.dll
Size

6KB
MD5

173f902f0c248e95d6d3b02f76c017ee
SHA1

8c1c8cc067a07701ce70294b2f9caee41e432702
SHA256

75aaeb31cc3dd8ffce62c9aee556d976a6a63479fd836e4a2460089a9dc8e1c8
SHA512

72ba351d5942325f538a2b72a3b4c4d6adb3bc7d7a8aa268ff4d184b643cc7cccbd7f2e7f604b56b0b0a6241920601622f8c194e15caea0d4f99829c9be77da0
SSDEEP

48:6EQt5YVOSVVEPy+wEMmqiHNpU107SB+BDq9J5SV3DY:CSVVEPozmB7MB+FqX5S1D

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2104 wrote to memory of 3868	2104	rundll32.exe	88
PID 2104 wrote to memory of 3868	2104	rundll32.exe	88
PID 2104 wrote to memory of 3868	2104	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\173f902f0c248e95d6d3b02f76c017ee.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2104
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\173f902f0c248e95d6d3b02f76c017ee.dll,#1
  2⤵
  PID:3868

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads