b3f091b540eb465dd3a102e3c354dcfa98d0412fb6c3d035d37cf59ecaf2b538 | Triage

Analysis

max time kernel
145s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 01:24

Sharing

Report Analysis Logs

General

Target

491941b79d88d7786dc1f6d973b2fd5a.dll
Size

81KB
MD5

491941b79d88d7786dc1f6d973b2fd5a
SHA1

cdc4b762c2df884e05f2997a0d416c6ec18330c3
SHA256

b3f091b540eb465dd3a102e3c354dcfa98d0412fb6c3d035d37cf59ecaf2b538
SHA512

e289f83ae2e0bb696ea448c32d725f64512834886fa8e4102509a72eef2ac580d64b6c385f80083c38ca28ff4bc5daa1661a7370eafe8d6498a906688a8659b2
SSDEEP

1536:GjbW89XQ7DH62ZnrweUXSR0zss8GSq59LcR3WlK9R:Gjbp4ttweB0g/Wto3WlE

Score

1^/10

Malware Config

Signatures

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2856	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2248 wrote to memory of 2856	2248	rundll32.exe	14
PID 2248 wrote to memory of 2856	2248	rundll32.exe	14
PID 2248 wrote to memory of 2856	2248	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\491941b79d88d7786dc1f6d973b2fd5a.dll,#1
1⤵
- Suspicious use of SetWindowsHookEx
PID:2856

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\491941b79d88d7786dc1f6d973b2fd5a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2248

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2856-2-0x0000000010000000-0x0000000010020000-memory.dmp

Filesize
128KB

Download
memory/2856-1-0x00000000014D0000-0x00000000014DF000-memory.dmp

Filesize
60KB

Download
memory/2856-0-0x0000000010000000-0x0000000010020000-memory.dmp

Filesize
128KB

Download
memory/2856-3-0x0000000010000000-0x0000000010020000-memory.dmp

Filesize
128KB

Download