e59add9e607030a1f1e81edf95d4da83bd3b04ebf8d834301a1ecca180a42588 | Triage

Analysis

max time kernel
138s
max time network
174s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 03:35

Sharing

Report Analysis Logs

General

Target

50c99dae1db5665f750f2f2c6f9aedae.dll
Size

128KB
MD5

50c99dae1db5665f750f2f2c6f9aedae
SHA1

25bff5d27b3d80f91067688b88e0323e4bf05b22
SHA256

e59add9e607030a1f1e81edf95d4da83bd3b04ebf8d834301a1ecca180a42588
SHA512

0d52c18ce86ff0fa73c44924c0206666da4792b78541c8f7102c61deabfe2d37a5a7b990394ef3dbceddf628b53945d56db5699981a72dca5de334d0d90c395b
SSDEEP

3072:S+h76rU50oY8ACNwV3cX4Yy5dFztMqqDLy/YoDbc:Xek4p04DFz+qqDLuY

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3792 wrote to memory of 4656	3792	rundll32.exe	89
PID 3792 wrote to memory of 4656	3792	rundll32.exe	89
PID 3792 wrote to memory of 4656	3792	rundll32.exe	89

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\50c99dae1db5665f750f2f2c6f9aedae.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3792
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\50c99dae1db5665f750f2f2c6f9aedae.dll,#1
  2⤵
  PID:4656

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4656-0-0x0000000000B70000-0x0000000000B7A000-memory.dmp

Filesize
40KB

Download
memory/4656-1-0x0000000010000000-0x000000001002B000-memory.dmp

Filesize
172KB

Download