3fdb8cbd56159362839dba27c837e41b7c32abb432458dd5af39fc302afdcfa6 | Triage

Analysis

max time kernel
139s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
26-12-2023 10:22

Sharing

Report Analysis Logs

General

Target

66e1487406d0674da87c2d110286714a.dll
Size

220KB
MD5

66e1487406d0674da87c2d110286714a
SHA1

6ea84195615f62f957782190a40f77ac149a8418
SHA256

3fdb8cbd56159362839dba27c837e41b7c32abb432458dd5af39fc302afdcfa6
SHA512

42028dcfc249a45e176a3e1b0ea73872b24dfd7671532708562ee41777d504fc8ac37cdfc966a3fca2c6bf1a757b43d69913e5b110fc50e4662d6f74aac582d0
SSDEEP

768:xeSJtXthyDMWiWYtCiFEMeYcBBQARQkQmpG0S:rJt9KMbtR2MeYcBBQARR

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1572 wrote to memory of 3584	1572	rundll32.exe	16
PID 1572 wrote to memory of 3584	1572	rundll32.exe	16
PID 1572 wrote to memory of 3584	1572	rundll32.exe	16

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\66e1487406d0674da87c2d110286714a.dll,#1
1⤵
PID:3584

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\66e1487406d0674da87c2d110286714a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1572

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads