24ac3c80e2672fececef4662512be86f5298b165c1ed3fd02cc6ea5de972e658 | Triage

Analysis

max time kernel
137s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 03:59

Sharing

Report Analysis Logs

General

Target

0db145a2f402fd84b7eafa1a82297803.dll
Size

7KB
MD5

0db145a2f402fd84b7eafa1a82297803
SHA1

ed470d59f626acfc819fa1ddfc7b690390bdd97e
SHA256

24ac3c80e2672fececef4662512be86f5298b165c1ed3fd02cc6ea5de972e658
SHA512

66b66cea892ef562d490153848ff1648a6743080f0a089c8e1d846c1d9a6bf93d767240070481a81f6be51cc3e02e90df5c6f429600740f74aa470744e1387bf
SSDEEP

192:c6yNOLBVtPS17yxz5Cskn0nk4Xm/OdNkgUw9h:c6yNE/tY2xzI30nkbAi+

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3948 wrote to memory of 4888	3948	rundll32.exe	17
PID 3948 wrote to memory of 4888	3948	rundll32.exe	17
PID 3948 wrote to memory of 4888	3948	rundll32.exe	17

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0db145a2f402fd84b7eafa1a82297803.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3948
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0db145a2f402fd84b7eafa1a82297803.dll,#1
  2⤵
  PID:4888

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4888-0-0x0000000010000000-0x0000000010011000-memory.dmp

Filesize
68KB

Download