490f38ac362203ab439c2ad0008d20ccad50181a6160c6bfbeffa9f83b102f2a | Triage

Analysis

max time kernel
93s
max time network
117s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 11:28

Sharing

Report Analysis Logs

General

Target

6ac6ecbd731267154575a9910e424da0.dll
Size

32KB
MD5

6ac6ecbd731267154575a9910e424da0
SHA1

70b4df8ca2154b3c8d93bd616c6371defc237bc8
SHA256

490f38ac362203ab439c2ad0008d20ccad50181a6160c6bfbeffa9f83b102f2a
SHA512

faf75448caa5dcf082c6eb4232b7ef935ef76973e8450b02843179e4377d9622652b5c53c85151bb33ac97762e05ea87e4b7e47752aac111eb3ce5ee15fe14bf
SSDEEP

768:Ft+NP27D6a8deklv/LT7PlhXlK9VfShVfLRBQ2zq:Ft+p272es/7PlhVK3aHDR6

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1624 wrote to memory of 1088	1624	rundll32.exe	86
PID 1624 wrote to memory of 1088	1624	rundll32.exe	86
PID 1624 wrote to memory of 1088	1624	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6ac6ecbd731267154575a9910e424da0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1624
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6ac6ecbd731267154575a9910e424da0.dll,#1
  2⤵
  PID:1088

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads