49a2969e5f78cdc6a79d39878360ff34d0ed7675ae1ca6a440f7cf94127e07e2 | Triage

Analysis

max time kernel
171s
max time network
181s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 04:12

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0e09cf6b80f35bda4de08ea1a79f34eb.dll
Size

136KB
MD5

0e09cf6b80f35bda4de08ea1a79f34eb
SHA1

22413b27430edb4a6fa6d5e707f533e39d3508de
SHA256

49a2969e5f78cdc6a79d39878360ff34d0ed7675ae1ca6a440f7cf94127e07e2
SHA512

a6c7b2f786f47e49b56b9af015b141c41d5a1fc07a26c8073a8a5809113376b8c9a5b54aa8a14bc8106f1a78a30eb3235883c38db33fb7ccc12198f3376233ff
SSDEEP

3072:2yQ4SZRskUeaaZ/OlymWqno+nni1RTC9uO7logy:2yqUkUeaaclD5WRTOyg

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3780 wrote to memory of 940	3780	rundll32.exe	44
PID 3780 wrote to memory of 940	3780	rundll32.exe	44
PID 3780 wrote to memory of 940	3780	rundll32.exe	44

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0e09cf6b80f35bda4de08ea1a79f34eb.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3780
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0e09cf6b80f35bda4de08ea1a79f34eb.dll,#1
  2⤵
  PID:940

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads