6c28b98be9f41f12109189e49059463c733794d4d5ee6c425a10b71ebab15476 | Triage

Analysis

max time kernel
187s
max time network
207s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 11:34

Sharing

Report Analysis Logs

General

Target

17402b3665a92e8268669fce81db2c65.dll
Size

138KB
MD5

17402b3665a92e8268669fce81db2c65
SHA1

0059c811b6c9332eb1f8922bff81db2ccaa3b8b5
SHA256

6c28b98be9f41f12109189e49059463c733794d4d5ee6c425a10b71ebab15476
SHA512

fa8c8c8356592611f1a67e4fde2eda464c162505dca263326248a2082b183c351fcc476c6304a96050f93ffea50346f0b2a73a30394e1c433e4cf0300be020d7
SSDEEP

3072:gxVjantS/u6QjXsfjNoX3R1+bneGQJjkWhl5XRJ2g:gxVjI4/vfx4B+npyhl5L

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4412 wrote to memory of 2104	4412	rundll32.exe	87
PID 4412 wrote to memory of 2104	4412	rundll32.exe	87
PID 4412 wrote to memory of 2104	4412	rundll32.exe	87

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\17402b3665a92e8268669fce81db2c65.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4412
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\17402b3665a92e8268669fce81db2c65.dll,#1
  2⤵
  PID:2104

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2104-0-0x0000000010000000-0x0000000010023000-memory.dmp

Filesize
140KB

Download
memory/2104-1-0x0000000010000000-0x0000000010023000-memory.dmp

Filesize
140KB

Download