4b986225a410654ef5117466dd4519983e98c6f0b1d1b5f9e4c11d48166e55af | Triage

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 01:20

Sharing

Report Analysis Logs

General

Target

22c4659a6b9a521d276b1ed0caf73f52.dll
Size

23KB
MD5

22c4659a6b9a521d276b1ed0caf73f52
SHA1

3abf0ccad2a8779f671776cebe4ace5feca4e5f7
SHA256

4b986225a410654ef5117466dd4519983e98c6f0b1d1b5f9e4c11d48166e55af
SHA512

010c9bbeebc14c4ec27e1ee8658fc038faed5ace6c0546400f9bc4f89ac8508d42b5e8b9445fe94044066bf27aace75cbd1bde9422da4c93cabdca9e9b154284
SSDEEP

384:o16UV/ncBXR0NUJei6ZkIgWgtW+DHV8pQYJLWLdbvCi:DmUJoKrjA1Libai

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3540 wrote to memory of 2128	3540	rundll32.exe	66
PID 3540 wrote to memory of 2128	3540	rundll32.exe	66
PID 3540 wrote to memory of 2128	3540	rundll32.exe	66

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\22c4659a6b9a521d276b1ed0caf73f52.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3540
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\22c4659a6b9a521d276b1ed0caf73f52.dll,#1
  2⤵
  PID:2128

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads