11eb89e4db79b4673598599d5eadd46c75253c3985b58b90d5538fb6c5ac355e | Triage

Analysis

max time kernel
135s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 06:30

Sharing

Report Analysis Logs

General

Target

111cf80d7b6dc6a7fb0978e7b40838dd.dll
Size

56KB
MD5

111cf80d7b6dc6a7fb0978e7b40838dd
SHA1

555fd21474f4b67cb97e01852ee2a995dc064101
SHA256

11eb89e4db79b4673598599d5eadd46c75253c3985b58b90d5538fb6c5ac355e
SHA512

949b6b736186b56b5e45f2d35d4370bdc7c3b77e25b6e5b4d0eaf5672796af47b74220a896de266186d6b93fc081e54d7b310bf9ed37749575a0fd302fb89524
SSDEEP

768:Kq5PFP/129S99RMsJRO4FExHwWHHI2j8BhymSXo9p:LPR/JRO4FINo2VXo

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2852 wrote to memory of 4552	2852	rundll32.exe	44
PID 2852 wrote to memory of 4552	2852	rundll32.exe	44
PID 2852 wrote to memory of 4552	2852	rundll32.exe	44

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\111cf80d7b6dc6a7fb0978e7b40838dd.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2852
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\111cf80d7b6dc6a7fb0978e7b40838dd.dll,#1
  2⤵
  PID:4552

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4552-1-0x0000000002820000-0x00000000028F6000-memory.dmp

Filesize
856KB

Download
memory/4552-0-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download
memory/4552-2-0x0000000002820000-0x00000000028F6000-memory.dmp

Filesize
856KB

Download