03d4e005e72c8a3ca47be1b1632efc2506c50482ae3278a06e44606cdc921f97 | Triage

Analysis

max time kernel
144s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 16:03

Sharing

Report Analysis Logs

General

Target

2b8d12f512ee830903ef39b7f72a035b.dll
Size

40KB
MD5

2b8d12f512ee830903ef39b7f72a035b
SHA1

5386ea84525448f8669245f6aa440ff83d222180
SHA256

03d4e005e72c8a3ca47be1b1632efc2506c50482ae3278a06e44606cdc921f97
SHA512

e7c229f0b5cc48b9d235921c0eccb170e1d6e090489d1bcb107ba53d4d7cb58882d6025432e6e2166007ecec0bd1e231f35b39ddbcf0e29e11195d32a3d6fedf
SSDEEP

768:Z0PriXnXXLAZ/vrsCGK//e4JBBQARQkPhHA/s:mPRcSe4JBBQARpm

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3196 wrote to memory of 4808	3196	rundll32.exe	16
PID 3196 wrote to memory of 4808	3196	rundll32.exe	16
PID 3196 wrote to memory of 4808	3196	rundll32.exe	16

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2b8d12f512ee830903ef39b7f72a035b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3196
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2b8d12f512ee830903ef39b7f72a035b.dll,#1
  2⤵
  PID:4808

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads