101af60b50716e7f1765f013679510ed188ef67f3e252b810e7414209aca9bf9 | Triage

Analysis

max time kernel
135s
max time network
172s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29-12-2023 22:02

Sharing

Report Analysis Logs

General

Target

05147d90c1e738cc5a975124d75adb3f.dll
Size

1.0MB
MD5

05147d90c1e738cc5a975124d75adb3f
SHA1

a651245c1e0dd6d2d0d16f5d117afdfa64264419
SHA256

101af60b50716e7f1765f013679510ed188ef67f3e252b810e7414209aca9bf9
SHA512

e111fe83f9b7132f484a082fa1711dd9b953b371e46ff09cbac125ea597f158076558d2d2fd9286e03d5c12f9cc72468adfc4306544d74c5aa29bad8fe1ffcd9
SSDEEP

24576:VQOedHdRVLe+2ZK5eWh/XG8MMhD5AdobbdnUKUr8aFr:SRxVLnM2NhIJr

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1480 wrote to memory of 2300	1480	rundll32.exe	89
PID 1480 wrote to memory of 2300	1480	rundll32.exe	89
PID 1480 wrote to memory of 2300	1480	rundll32.exe	89

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\05147d90c1e738cc5a975124d75adb3f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1480
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\05147d90c1e738cc5a975124d75adb3f.dll,#1
  2⤵
  PID:2300

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads