bff80a3d70c7bf2ad0bcee86d6c2acfae23b23361eaedfb73533b83d2c1bf44f | Triage

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 08:01

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

12e1e7d354ba80614803e42d7039d7d9.dll
Size

947KB
MD5

12e1e7d354ba80614803e42d7039d7d9
SHA1

bfb1d687bb10675c512e4f313148b0083bcfb11e
SHA256

bff80a3d70c7bf2ad0bcee86d6c2acfae23b23361eaedfb73533b83d2c1bf44f
SHA512

c49c945201fdde10e036f4977eba1361c5b04f4895c29db939a3e36c324698721e09cc658365da7aa297b8828f6c7884ac5f1a4bb10ad8828020d92ad993ef9c
SSDEEP

24576:532zm0sncSD57BZZaHTJxolLkXtVDJDhuI:8zm0qX59ZZaNeLut/V

Score

1^/10

Malware Config

Signatures

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1980	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3824 wrote to memory of 1980	3824	rundll32.exe	14
PID 3824 wrote to memory of 1980	3824	rundll32.exe	14
PID 3824 wrote to memory of 1980	3824	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\12e1e7d354ba80614803e42d7039d7d9.dll,#1
1⤵
- Suspicious use of SetWindowsHookEx
PID:1980

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\12e1e7d354ba80614803e42d7039d7d9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3824

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads