59718e74d228679670e1694ac77959c9c92d7eb55fb2a1c001a8e0de61f47c18 | Triage

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 09:08

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

626b9ca0f76c1551178a6acdeb924623.dll
Size

136KB
MD5

626b9ca0f76c1551178a6acdeb924623
SHA1

28bcebfc88b7c6154b60ad034e7e73e17b2bf06b
SHA256

59718e74d228679670e1694ac77959c9c92d7eb55fb2a1c001a8e0de61f47c18
SHA512

816bd05844cd100b48a581a18f61735cdd6724e016817c6af198f873c48cb9bbc375d6d13ac38ea7b12094d482957584e88f768904a92840d3f878b98603e504
SSDEEP

3072:hzjnfsD31Oc9HWDdIFBK9NJgikYbrqRsGfoT8Zx:hzrC319EDkyaCbr81lx

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 220 wrote to memory of 2244	220	rundll32.exe	88
PID 220 wrote to memory of 2244	220	rundll32.exe	88
PID 220 wrote to memory of 2244	220	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\626b9ca0f76c1551178a6acdeb924623.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:220
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\626b9ca0f76c1551178a6acdeb924623.dll,#1
  2⤵
  PID:2244

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2244-0-0x00000000010F0000-0x00000000010FA000-memory.dmp

Filesize
40KB

Download
memory/2244-4-0x0000000010000000-0x000000001002B000-memory.dmp

Filesize
172KB

Download