aae403394d995ef3dbe0ef757722696e1a10e62311ccb6e6dbeb35cac629d259 | Triage

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 23:31

Sharing

Report Analysis Logs

General

Target

20134ad02ae986d2586c62a80a3ff416.dll
Size

28KB
MD5

20134ad02ae986d2586c62a80a3ff416
SHA1

bda3e3a95a80d327e3e286a8ae2ca1b9903c9977
SHA256

aae403394d995ef3dbe0ef757722696e1a10e62311ccb6e6dbeb35cac629d259
SHA512

85bd1a884e3ce6bcb3d66c0ffc5c62f44557028b07da2ebd9b4de612b68170aebc372e219194dabc04089d252ad283074c9f4567c271899b4e31a576a31828b8
SSDEEP

768:3HZITUOwXQDiWjDOKbWsA8cgeIR4Rv9ce5bZjG:3HyoOwguiyKbfVemWvi

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
5048	rundll32.exe
5048	rundll32.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5048	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4960 wrote to memory of 5048	4960	rundll32.exe	16
PID 4960 wrote to memory of 5048	4960	rundll32.exe	16
PID 4960 wrote to memory of 5048	4960	rundll32.exe	16

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\20134ad02ae986d2586c62a80a3ff416.dll,#1
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:5048

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\20134ad02ae986d2586c62a80a3ff416.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4960

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads