3a42bfa08ec514bd65a75e60f45d13692b7f34610b91a057752a45f12c5cd7b7 | Triage

Analysis

max time kernel
140s
max time network
164s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 23:34

Sharing

Report Analysis Logs

General

Target

202d88bff9e343fe06a858d6d87d338e.dll
Size

33KB
MD5

202d88bff9e343fe06a858d6d87d338e
SHA1

4a9542aead0321c5d6f3c29ec8d6653ac28795d3
SHA256

3a42bfa08ec514bd65a75e60f45d13692b7f34610b91a057752a45f12c5cd7b7
SHA512

5bd19ded9527b244418e4c505e695c8965595fc67eab95ab8c70986b58228249a601c777a56ed280bfcb17ac6ab79ea4caa6483cd45dab432a879af00bb72ab8
SSDEEP

768:77v1b7TDuSxa/0xyDcl27l5+uMSVOiuGROku9A:7z1b9a/3A47l5+uVFRFu+

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4284 wrote to memory of 4344	4284	rundll32.exe	89
PID 4284 wrote to memory of 4344	4284	rundll32.exe	89
PID 4284 wrote to memory of 4344	4284	rundll32.exe	89

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\202d88bff9e343fe06a858d6d87d338e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4284
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\202d88bff9e343fe06a858d6d87d338e.dll,#1
  2⤵
  PID:4344

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads