c5bfdb2b2a0b211892a5959a257a6d19044a2f8b70b04a6c5279a9f1743fca7b | Triage

Analysis

max time kernel
147s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
31-12-2023 06:03

Sharing

Report Analysis Logs

General

Target

2b0e8bd3fdccfc58e27194310459c35e.dll
Size

72KB
MD5

2b0e8bd3fdccfc58e27194310459c35e
SHA1

27290a505e3e2d0cdfeefd1911c1d34048055a7d
SHA256

c5bfdb2b2a0b211892a5959a257a6d19044a2f8b70b04a6c5279a9f1743fca7b
SHA512

7417bbe1874e39e66a89151b56e51ba50b7ac5b82e78c65b3d435a1997764df5892f05c1c9f1920a1e64b4cf5a63cd0a40dd30e83a17eb468d511b0b706aec1a
SSDEEP

1536:X0PGh363Ica7f+0Vc8Hj0UxHZ2VL7nAAannADy:XGe362r/cIGEnnADy

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4956 wrote to memory of 1488	4956	rundll32.exe	16
PID 4956 wrote to memory of 1488	4956	rundll32.exe	16
PID 4956 wrote to memory of 1488	4956	rundll32.exe	16

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2b0e8bd3fdccfc58e27194310459c35e.dll,#1
1⤵
PID:1488

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2b0e8bd3fdccfc58e27194310459c35e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4956

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads