a98e89b6ee0959cfec60bf262dd2ef42f4d9d7718a06e0b8e09d349bf8d9b023 | Triage

Analysis

max time kernel
144s
max time network
135s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 11:17

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

16f37c30cdeaf15b25a8e98a839dac83.dll
Size

224KB
MD5

16f37c30cdeaf15b25a8e98a839dac83
SHA1

56333cc0848952b317615ff2095b3c779a0ec0ed
SHA256

a98e89b6ee0959cfec60bf262dd2ef42f4d9d7718a06e0b8e09d349bf8d9b023
SHA512

388eb3a9c39862aa29e0cd6d91e008e8daedbdc3d7408bcac376204d6b164de85db15e0570fd5e98e9cfd47386c1c8349254fe199db2ec7bded4bb84d347f98c
SSDEEP

3072:XIBK7hJLH0mpFr8GurSDzw3r7al8Xn3DJxJvvtn7CwS:3JLH0ytMrGqjJxxN8

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1112 wrote to memory of 316	1112	rundll32.exe	16
PID 1112 wrote to memory of 316	1112	rundll32.exe	16
PID 1112 wrote to memory of 316	1112	rundll32.exe	16

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\16f37c30cdeaf15b25a8e98a839dac83.dll,#1
1⤵
PID:316

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\16f37c30cdeaf15b25a8e98a839dac83.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1112

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads