77d8f2806bda75a1040f10d6ce818d7134c4b05c4a8dddb7ce53d3d8fa9fea12 | Triage

Analysis

max time kernel
175s
max time network
184s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 20:53

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1c40e0a3bc373926d5f69537b6db4a4b.dll
Size

9KB
MD5

1c40e0a3bc373926d5f69537b6db4a4b
SHA1

4475bc054dedaeb1d10584fe7088c5ad989f5538
SHA256

77d8f2806bda75a1040f10d6ce818d7134c4b05c4a8dddb7ce53d3d8fa9fea12
SHA512

4abb157b9ceab240bb6fda78165185fba60762efce89b152a3adc5adaceadba7c5184d864b7cca48ba653a6454e85efa9a5c429c97962700aab09c87342fe5bf
SSDEEP

192:5kVYPCmIDyVmvj3WpX3eQULj1//JwvRJgL+9hkwVrx:iCCdGAvq93Ylk3S+9hn

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2556 wrote to memory of 4928	2556	rundll32.exe	50
PID 2556 wrote to memory of 4928	2556	rundll32.exe	50
PID 2556 wrote to memory of 4928	2556	rundll32.exe	50

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1c40e0a3bc373926d5f69537b6db4a4b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2556
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1c40e0a3bc373926d5f69537b6db4a4b.dll,#1
  2⤵
  PID:4928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 4928 -ip 4928
1⤵
PID:4628

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads