5cc99b1c9838aa8eb5ab2996da02b792669c22ee2d090150a38df37f7e49c6f6 | Triage

Analysis

max time kernel
149s
max time network
164s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29/12/2023, 19:03

Sharing

Report Analysis Logs

General

Target

012c66540f7a3bb92abbd38f5ea46dac.dll
Size

560KB
MD5

012c66540f7a3bb92abbd38f5ea46dac
SHA1

3248080b523aa16fd3971d3a7a2f984188700ead
SHA256

5cc99b1c9838aa8eb5ab2996da02b792669c22ee2d090150a38df37f7e49c6f6
SHA512

6fd56681a9073ff4f9e2d779f62de2cc4076b46b935540f9098402789599e77762cb4a1bfb6222563ca58f0b3a3653a2789196c4bc172c3760f28fdee410c3e0
SSDEEP

12288:I+bHCg/+gYzBbghi80hpr4QsZR0aWplXKzH:dCgWhtbuizDrSZCaWpkb

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4416 wrote to memory of 1404	4416	rundll32.exe	15
PID 4416 wrote to memory of 1404	4416	rundll32.exe	15
PID 4416 wrote to memory of 1404	4416	rundll32.exe	15

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\012c66540f7a3bb92abbd38f5ea46dac.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4416
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\012c66540f7a3bb92abbd38f5ea46dac.dll,#1
  2⤵
  PID:1404

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads