e7412fd3c11e0830849a4acd475a6306f826c0a4fc1050a5183a70ec9f5d9659 | Triage

Analysis

max time kernel
143s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
29/12/2023, 22:34

Sharing

Report Analysis Logs

General

Target

05ba2d7c2d6ad5f75c7f5e2c5a0738d2.dll
Size

212KB
MD5

05ba2d7c2d6ad5f75c7f5e2c5a0738d2
SHA1

cc1ea5fef96140a8907ad0821384a28a85cd391f
SHA256

e7412fd3c11e0830849a4acd475a6306f826c0a4fc1050a5183a70ec9f5d9659
SHA512

37936a203e0f6593d225a3791b7cbf995002c23dbdf967736b32624f925e162964d2a2897c5663b8eb7fafedddb04df01df6e82f1426243e0d1bc64091e15e98
SSDEEP

6144:PZ0s9tvbR7lzkCMkdV6IGP3qa67Jgj87ek:eetvbRmCebP3qa67xe

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3984 wrote to memory of 3868	3984	rundll32.exe	33
PID 3984 wrote to memory of 3868	3984	rundll32.exe	33
PID 3984 wrote to memory of 3868	3984	rundll32.exe	33

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\05ba2d7c2d6ad5f75c7f5e2c5a0738d2.dll,#1
1⤵
PID:3868

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\05ba2d7c2d6ad5f75c7f5e2c5a0738d2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3984

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3868-0-0x0000000010000000-0x0000000010038000-memory.dmp

Filesize
224KB

Download