46fab4d8f74291680c26433cfac0e6e6da8ea95bed9d0da244ab2327763d4411 | Triage

Analysis

max time kernel
145s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 03:41

Sharing

Report Analysis Logs

General

Target

512bcc68fd66237a22958535884d6f1d.dll
Size

17KB
MD5

512bcc68fd66237a22958535884d6f1d
SHA1

abc9c42f93b1a2d1c40e9a4fd8e3383d65400c7f
SHA256

46fab4d8f74291680c26433cfac0e6e6da8ea95bed9d0da244ab2327763d4411
SHA512

6134eee0b8ea5362bb7e99b6bf0b0ddece6a528961513394dc102d001e6751a284e07a5066abb9a06050eb78bc0d1a9841b1c5697cb2fb34ecf5d6e6a76f87c4
SSDEEP

384:74esOd4SI1bXMjhnqdkIX1ZvmR08FWGDnz:7Ld4HuhnAX1ZvNcz

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3216 wrote to memory of 3936	3216	rundll32.exe	89
PID 3216 wrote to memory of 3936	3216	rundll32.exe	89
PID 3216 wrote to memory of 3936	3216	rundll32.exe	89

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\512bcc68fd66237a22958535884d6f1d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3216
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\512bcc68fd66237a22958535884d6f1d.dll,#1
  2⤵
  PID:3936

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3936-0-0x0000000031A80000-0x0000000031A8D000-memory.dmp

Filesize
52KB

Download