d036ef678b48464d8248c48c2e74641b16d12b4c3040fa93b314f8d34960f1d7 | Triage

Analysis

max time kernel
142s
max time network
174s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29/12/2023, 19:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

021a38730675e2fc96346b3e18ab6e68.dll
Size

305KB
MD5

021a38730675e2fc96346b3e18ab6e68
SHA1

40565e3223ad98b50ba8c2a00e374fa163980a99
SHA256

d036ef678b48464d8248c48c2e74641b16d12b4c3040fa93b314f8d34960f1d7
SHA512

9e484705645c690d5d8cefe08d6a551efe504a8567baf699147c8519197b4121f1e512206cb5723cb1f600e5596a62ff80aeddcab5cbd04fbc668e7e309197d0
SSDEEP

6144:696kDIrR4VgC+F/tOjxigMe70ZRl04ZRO07C5C:WGR+v46xOe70ZRXZX28

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1048 wrote to memory of 812	1048	rundll32.exe	88
PID 1048 wrote to memory of 812	1048	rundll32.exe	88
PID 1048 wrote to memory of 812	1048	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\021a38730675e2fc96346b3e18ab6e68.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1048
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\021a38730675e2fc96346b3e18ab6e68.dll,#1
  2⤵
  PID:812

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads