7d112d0827b086451aede2f49965d5d225e589aa38b9e1243c8ffaba9544e344 | Triage

Analysis

max time kernel
148s
max time network
171s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 06:31

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2bc50ec9bcf6ea0c55b2e6d2adecba73.dll
Size

5KB
MD5

2bc50ec9bcf6ea0c55b2e6d2adecba73
SHA1

b534c2e5d70d207723da957b430e96b1b1c623fd
SHA256

7d112d0827b086451aede2f49965d5d225e589aa38b9e1243c8ffaba9544e344
SHA512

c4e0a338d9b50f252a041fef3676201a152e236c26112bce2fcdec44b26050e66c6d44cce741af9d9411bccd6e5b3b35bbd8244d1ce248954cf0be3e33e65936
SSDEEP

96:ZKzc7wD4aarnv2oowXrYiOUiOBhYxGFV:erDNarnuoN7YcJh/L

Score

1^/10

Malware Config

Signatures

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4644	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 688 wrote to memory of 4644	688	rundll32.exe	88
PID 688 wrote to memory of 4644	688	rundll32.exe	88
PID 688 wrote to memory of 4644	688	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2bc50ec9bcf6ea0c55b2e6d2adecba73.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:688
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2bc50ec9bcf6ea0c55b2e6d2adecba73.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:4644

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads