c6eb1f582e8a82d066f041261b0b082695d5b057d17dcc3363e3547444362ed9 | Triage

Analysis

max time kernel
149s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31-12-2023 06:33

Sharing

Report Analysis Logs

General

Target

2bd33bd248a21d3f6ab7495eeb3dc092.dll
Size

48KB
MD5

2bd33bd248a21d3f6ab7495eeb3dc092
SHA1

86d6055b2599b2ce0e6b77403ef07a59e39997fe
SHA256

c6eb1f582e8a82d066f041261b0b082695d5b057d17dcc3363e3547444362ed9
SHA512

be307f5cfd9aadf7a64469e97144691ab5d7455b826da09acb17fcc204ddc2588b3a4186b6115f7a54c6b13caee453ec3d7dd1e2c21538efab213a37422a3607
SSDEEP

768:5NesDjA2VtTvRPrOEKZe8eeAnbNufsoiGgqKFeJ:jes3TvRrOjpAnailqK4J

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4516	rundll32.exe
4516	rundll32.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 4820 wrote to memory of 4516	4820	rundll32.exe	15
PID 4820 wrote to memory of 4516	4820	rundll32.exe	15
PID 4820 wrote to memory of 4516	4820	rundll32.exe	15
PID 4516 wrote to memory of 3140	4516	rundll32.exe	44

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2bd33bd248a21d3f6ab7495eeb3dc092.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4820
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2bd33bd248a21d3f6ab7495eeb3dc092.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4516

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3140

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads