2b686134c31d10b500b1fb223a0719017d8ddaf3c9109d224ad35c119754bb7d | Triage

Analysis

max time kernel
147s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 13:47

Sharing

Report Analysis Logs

General

Target

7354f81357b04e645ce12ca30a6ec12f.dll
Size

176KB
MD5

7354f81357b04e645ce12ca30a6ec12f
SHA1

bb4208750f77583abcd017ea43449b441a75730a
SHA256

2b686134c31d10b500b1fb223a0719017d8ddaf3c9109d224ad35c119754bb7d
SHA512

be4a49a6f57918f367f0219d5489ddef4dcc8d85838430bf2e3c8ce8f629ab329f18b84e4a21b0145b9fdc8cfc489e1519dada04ba90ccd105ce2e87f465c2d3
SSDEEP

3072:wx2uti2pAjCEdKTsAjwVXUaCtB+oZCkPNmtXT:wx2vRjCEd+vjBDZCCNU

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2704 wrote to memory of 3812	2704	rundll32.exe	91
PID 2704 wrote to memory of 3812	2704	rundll32.exe	91
PID 2704 wrote to memory of 3812	2704	rundll32.exe	91

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7354f81357b04e645ce12ca30a6ec12f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2704
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7354f81357b04e645ce12ca30a6ec12f.dll,#1
  2⤵
  PID:3812

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads