73fec33a4cfd753778eae778f397421d02687a8ed7e576bda18aa2e3e281c63c | Triage

Analysis

max time kernel
149s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 18:17

Sharing

Report Analysis Logs

General

Target

33e7c9fbca81489eff394790a8140976.dll
Size

13KB
MD5

33e7c9fbca81489eff394790a8140976
SHA1

e0e281ea3e31f84896ee6805ab51f8dd33577ed4
SHA256

73fec33a4cfd753778eae778f397421d02687a8ed7e576bda18aa2e3e281c63c
SHA512

dd31f0ea4a07aae2f0ce29efb24a466c17e289240c68bf087012d7aee5e7378970f52669144897b24f1f6a9d456ee706a0625028f5f355b7c6cbee221c61513e
SSDEEP

384:ZFJ390BFEpk4VuJqZv431lUV/S0pFTdQAFwW:3Jif4V2qZw31iV/3ZdHD

Score

1^/10

Malware Config

Signatures

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
656	Process not Found

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1700 wrote to memory of 908	1700	rundll32.exe	15
PID 1700 wrote to memory of 908	1700	rundll32.exe	15
PID 1700 wrote to memory of 908	1700	rundll32.exe	15

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\33e7c9fbca81489eff394790a8140976.dll,#1
1⤵
PID:908

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\33e7c9fbca81489eff394790a8140976.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1700

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/908-0-0x0000000025000000-0x000000002501F000-memory.dmp

Filesize
124KB

Download