6e33d4b30fe7d40a8f230a03565e4a386f9bf3db0be3d91febe117e3a5fc43fc | Triage

Analysis

max time kernel
149s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31-12-2023 02:10

Sharing

Report Analysis Logs

General

Target

24011ad12a3cd6200944ea2ba144f789.dll
Size

9KB
MD5

24011ad12a3cd6200944ea2ba144f789
SHA1

5c25d19a97f6db6cb7469dd218bc8e9c88439a87
SHA256

6e33d4b30fe7d40a8f230a03565e4a386f9bf3db0be3d91febe117e3a5fc43fc
SHA512

0dcd4eeff28383accf83c0bbacf00377aa841d987e43f4447c8dcf311720a18fa905ba757b4959daf9631e4140f229c2db38fc421529775b5d4bdf175e600144
SSDEEP

192:5msRbrEg7PGtCkDDQxN8Cj0dY/OwASGwWC94DkgUwur:5Xx7OtxQxH0+tAIWXcd

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5044 wrote to memory of 4340	5044	rundll32.exe	89
PID 5044 wrote to memory of 4340	5044	rundll32.exe	89
PID 5044 wrote to memory of 4340	5044	rundll32.exe	89

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\24011ad12a3cd6200944ea2ba144f789.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5044
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\24011ad12a3cd6200944ea2ba144f789.dll,#1
  2⤵
  PID:4340

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4340-0-0x0000000025000000-0x0000000025015000-memory.dmp

Filesize
84KB

Download