c42b0a29979de89bf845cfdea6d179d34b7a90a9c15acf1660cf6905aa09b4e5 | Triage

Analysis

max time kernel
175s
max time network
189s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29/12/2023, 23:00

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0659968d923826d8b9755c81fd2adde5.dll
Size

56KB
MD5

0659968d923826d8b9755c81fd2adde5
SHA1

56edbb93b144d952359520a0e98f6e5532c25c2b
SHA256

c42b0a29979de89bf845cfdea6d179d34b7a90a9c15acf1660cf6905aa09b4e5
SHA512

ef87f93f2f48f790044de70cdbddd76ef7c40cf7eab5d00f8417447cd12b10a108efd4b0af3248c2eb59fc91fdfab2fd91edd650541312a636ef1aa6a7a56cda
SSDEEP

1536:BfQAl+7ovOdaoK2yd44GK25QMVLv6xjAZ8N0q7RRo:dQAl+pcDFGVSILv6xg8To

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4800 wrote to memory of 412	4800	rundll32.exe	86
PID 4800 wrote to memory of 412	4800	rundll32.exe	86
PID 4800 wrote to memory of 412	4800	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0659968d923826d8b9755c81fd2adde5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4800
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0659968d923826d8b9755c81fd2adde5.dll,#1
  2⤵
  PID:412

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/412-0-0x0000000010000000-0x000000001000A000-memory.dmp

Filesize
40KB

Download
memory/412-1-0x0000000000BE0000-0x0000000000BE1000-memory.dmp

Filesize
4KB

Download