a0e28f0adaa9d94749ac87434c3d23339ace929ea9c549f2af2bccbd0c723e17 | Triage

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 05:42

Sharing

Report Analysis Logs

General

Target

iexpress/W95INF32.dll
Size

4KB
MD5

fd80a30e65c3b45e00011c937693cfa4
SHA1

8f2a7c47e1ba4eaa5f675f7c95aac80bda88c006
SHA256

6e790f1424b4b5c892e3f32c5234c628d4587f9908ab72f0a455aa539bfa94e3
SHA512

9fcf18719d4c6eecb98c9f5573e28f791b30c3063033ad05aef9be1dbd9722dd05ff260a47e7f300d332437572ab01063fdd5902618bf0156e9855bee2dfe672
SSDEEP

48:6j3ME+xFUdzya+afSWbvgFLCBZW3IeIfXNFk5WgF:NUya+aZv++PWWXNyWg

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4832 wrote to memory of 2732	4832	rundll32.exe	34
PID 4832 wrote to memory of 2732	4832	rundll32.exe	34
PID 4832 wrote to memory of 2732	4832	rundll32.exe	34

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\iexpress\W95INF32.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4832
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\iexpress\W95INF32.dll,#1
  2⤵
  PID:2732

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads