a9b1d48bfbee99fbc6a0ef9acfe64adaed2cf57e2e15a89efc833e077e21e780 | Triage

Analysis

max time kernel
141s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 08:15

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1325eed01ec22a4b096984163dcffc17.dll
Size

22KB
MD5

1325eed01ec22a4b096984163dcffc17
SHA1

97239d92f84a63196977024b5883064b9a94e166
SHA256

a9b1d48bfbee99fbc6a0ef9acfe64adaed2cf57e2e15a89efc833e077e21e780
SHA512

d947f81662102a1d4eaef5c56d6b482ba656fe50ff6b24c9a562a5a0b5c0ee264ee2096637b335d238859958b4145f73c82d8356906e9f55d9c105fdd96289dc
SSDEEP

384:QPbQPWz3E5+yiVtI89QXUdbhwKrusF0InCAXh0+AAzo:QdDI8ykVhDFxn

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3360 wrote to memory of 3644	3360	rundll32.exe	14
PID 3360 wrote to memory of 3644	3360	rundll32.exe	14
PID 3360 wrote to memory of 3644	3360	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1325eed01ec22a4b096984163dcffc17.dll,#1
1⤵
PID:3644

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1325eed01ec22a4b096984163dcffc17.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3360

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3644-0-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download