30a6b92ee2a3658a052d08447db1cbbdf02f5bdfbaf56d65b201c20b8de7f85a | Triage

Analysis

max time kernel
143s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 00:40

Sharing

Report Analysis Logs

General

Target

08d126a0fd69e79d042b8eeeb6772a61.dll
Size

24KB
MD5

08d126a0fd69e79d042b8eeeb6772a61
SHA1

eee3237303f34e86f440b587e4edb4507297ecf0
SHA256

30a6b92ee2a3658a052d08447db1cbbdf02f5bdfbaf56d65b201c20b8de7f85a
SHA512

13b44b6a59ca707bb2e2dc6aff56e75a56cc54cb9c9608d0e4ea0a2c20a54bfbe9492e55a74e563275bd8ed73d4dea3f03b2eb5d2cdbe277bdd0b995ace8e18c
SSDEEP

384:1QiN5YXnNZPcOUIbfuiGGO1kCiIKvCpct5mAaSdy:LNwnNl/bGHGOyvqat5mnSg

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3824 wrote to memory of 2600	3824	rundll32.exe	24
PID 3824 wrote to memory of 2600	3824	rundll32.exe	24
PID 3824 wrote to memory of 2600	3824	rundll32.exe	24

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\08d126a0fd69e79d042b8eeeb6772a61.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3824
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\08d126a0fd69e79d042b8eeeb6772a61.dll,#1
  2⤵
  PID:2600

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads