e434a177ccbbea6e31655a567b4e80921a68cc023c769fb495a8f92eec76c51b | Triage

Analysis

max time kernel
154s
max time network
167s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
28/12/2023, 23:26

Sharing

Report Analysis Logs

General

Target

ffc54402079159b1c512739a73009bae.dll
Size

77KB
MD5

ffc54402079159b1c512739a73009bae
SHA1

63fa424d2cb75c29437a465ac2ae8471e43365dc
SHA256

e434a177ccbbea6e31655a567b4e80921a68cc023c769fb495a8f92eec76c51b
SHA512

f9d2592c12a14b8117d4e9f48508871964434fd0dcf8b5c2d376ae02f2d498a134db7e0f0e1e5b8b2e7eb0e4ae15dd3fa215c2cb59a38eebb69c418804b43970
SSDEEP

1536:BhmsNgmR8ofV0VQfMT/d00Zgk3D0VtqoucTc7q:BhJN8oCQwFvDMtqou4cu

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4372 wrote to memory of 5016	4372	rundll32.exe	76
PID 4372 wrote to memory of 5016	4372	rundll32.exe	76
PID 4372 wrote to memory of 5016	4372	rundll32.exe	76

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ffc54402079159b1c512739a73009bae.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4372
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ffc54402079159b1c512739a73009bae.dll,#1
  2⤵
  PID:5016

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads