991ddbef121c5a7d290b3600ab3c78e6eac75ab674cf0d395ade00f268c1d399 | Triage

Analysis

max time kernel
139s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 12:46

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

6f8cf0931039dd485e9779e33edd80dc.dll
Size

40KB
MD5

6f8cf0931039dd485e9779e33edd80dc
SHA1

394098cdd7be12674e0346c0e996b70e5321e4db
SHA256

991ddbef121c5a7d290b3600ab3c78e6eac75ab674cf0d395ade00f268c1d399
SHA512

567de17005f508a38e86ae2680ff9cbde40c285a716ae34971bf1f5d8a73c43fc08b23264ee15384e5feb0d01507b604d778281d90af212ea000a0a19c6ef0b8
SSDEEP

768:546xdXOO2LGRKA4f+VyNEs2tobkchqgl0e/BBQARQkvpc:5VxHsqgl0yBBQAR

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3716 wrote to memory of 3272	3716	rundll32.exe	52
PID 3716 wrote to memory of 3272	3716	rundll32.exe	52
PID 3716 wrote to memory of 3272	3716	rundll32.exe	52

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6f8cf0931039dd485e9779e33edd80dc.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3716
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6f8cf0931039dd485e9779e33edd80dc.dll,#1
  2⤵
  PID:3272

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads