25b7112996091d5460e49ba4fc299e8e5ab9d963eab91f02a81fd7e6bd1b8947 | Triage

Analysis

max time kernel
193s
max time network
224s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29/12/2023, 23:44

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

075e6213cb6b197545042c27924089eb.dll
Size

155KB
MD5

075e6213cb6b197545042c27924089eb
SHA1

63477dfd7833591b1969cabe0a07074bfcb264c3
SHA256

25b7112996091d5460e49ba4fc299e8e5ab9d963eab91f02a81fd7e6bd1b8947
SHA512

1285750a3380674a1eebe57c5f6df181920a6cb788b34632df7ca0a828352f33b484e92fd57c12042b75ad7918097337338d8481bf78d30185eb5093236dc003
SSDEEP

3072:W6yxvfGZKEoieAsOAa/+3usrc9vRdf+7:W6QfEKseAyrc9nf

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4488 wrote to memory of 3852	4488	rundll32.exe	88
PID 4488 wrote to memory of 3852	4488	rundll32.exe	88
PID 4488 wrote to memory of 3852	4488	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\075e6213cb6b197545042c27924089eb.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4488
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\075e6213cb6b197545042c27924089eb.dll,#1
  2⤵
  PID:3852

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3852-0-0x0000000010000000-0x000000001002A000-memory.dmp

Filesize
168KB

Download