128f5f78c40d288bd7b5a550771fa9c7ef1f84c6ce41e4804268c3f27c9c3ac1 | Triage

Analysis

max time kernel
142s
max time network
120s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 06:55

Sharing

Report Analysis Logs

General

Target

5af4efeae861b75c0c54bf6d108a293b.dll
Size

840KB
MD5

5af4efeae861b75c0c54bf6d108a293b
SHA1

3cc458b8c258aa822a394b4eef739ba0e46be6c0
SHA256

128f5f78c40d288bd7b5a550771fa9c7ef1f84c6ce41e4804268c3f27c9c3ac1
SHA512

91865ba0b0ec5f041d65e28fff41b7d8360d4972f02cbbff25433a6bb7de4e42ff3295e448295bc59946b8dc0191cc1b46f12728695772617b63d38e5eb0bf27
SSDEEP

24576:wHZWtjszBjRh+yHTwLsDdCNKV1kS3L2xK9TUE7:sZWFszcADvoSb2xKp37

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1252 wrote to memory of 2132	1252	rundll32.exe	18
PID 1252 wrote to memory of 2132	1252	rundll32.exe	18
PID 1252 wrote to memory of 2132	1252	rundll32.exe	18

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5af4efeae861b75c0c54bf6d108a293b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1252
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5af4efeae861b75c0c54bf6d108a293b.dll,#1
  2⤵
  PID:2132

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads