c8f80d257def94937ee88e35249af7d90cabcd8711130a1a1e6b8e2afc4996e8 | Triage

Analysis

max time kernel
141s
max time network
189s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31-12-2023 04:16

Sharing

Report Analysis Logs

General

Target

27cacc7364078aaf9f626a2ceb445aeb.dll
Size

24KB
MD5

27cacc7364078aaf9f626a2ceb445aeb
SHA1

720da421885e859e8a9c0d5ecec8bf0b41686a70
SHA256

c8f80d257def94937ee88e35249af7d90cabcd8711130a1a1e6b8e2afc4996e8
SHA512

89007131b3ee31cd407a508bc772605284aad6b1b8df16dbc7b25ee80a2807e052ed43bb50ee75d3ab08eb634608da0e189f73e5d1bae15b61672b153588cd5a
SSDEEP

192:MowgedbCbxv/fJ7YSd8pgLr8txPq1v4ipct5U:Mow9CbxHfJYSd2vSB4ipct5

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2412 wrote to memory of 2132	2412	rundll32.exe	53
PID 2412 wrote to memory of 2132	2412	rundll32.exe	53
PID 2412 wrote to memory of 2132	2412	rundll32.exe	53

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\27cacc7364078aaf9f626a2ceb445aeb.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2412
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\27cacc7364078aaf9f626a2ceb445aeb.dll,#1
  2⤵
  PID:2132

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads