7dd691e2daef5ddbc46c76f808d38680e7b598bf8806c77f2bef8a35cb4034cb | Triage

Analysis

max time kernel
138s
max time network
170s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 12:23

Sharing

Report Analysis Logs

General

Target

6e388d1e6f96db5c658935c0bb341fd4.dll
Size

34KB
MD5

6e388d1e6f96db5c658935c0bb341fd4
SHA1

b922c9b77607e5803d11eae3538ce71ae27e06a1
SHA256

7dd691e2daef5ddbc46c76f808d38680e7b598bf8806c77f2bef8a35cb4034cb
SHA512

7ed41c779f74c4c22bc55e898c7bbbc1f1134c66bc6418fbe7683a83b2f6d1d38ceebae3474305df92afc6af74ca59be3982131ab1de3fa80dbed6c196b0fb15
SSDEEP

768:u7mRDL0cgngbMzSJOQc7S/DftqqhnP0RROPx:OmRD7gHzS0d7S/1pMRROp

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3296 wrote to memory of 3608	3296	rundll32.exe	90
PID 3296 wrote to memory of 3608	3296	rundll32.exe	90
PID 3296 wrote to memory of 3608	3296	rundll32.exe	90

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6e388d1e6f96db5c658935c0bb341fd4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3296
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6e388d1e6f96db5c658935c0bb341fd4.dll,#1
  2⤵
  PID:3608

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads