7fc1ffcb9ca4511c65b3004bffcdb354baeb8f82006b5e1076ebab9f4bc6bb11 | Triage

Analysis

max time kernel
145s
max time network
100s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 13:44

Sharing

Report Analysis Logs

General

Target

3883c9ebac21a2f11ee37323e50c13c4.dll
Size

281KB
MD5

3883c9ebac21a2f11ee37323e50c13c4
SHA1

8b300163621f29a494472a13f7ebdc5ff2b048bc
SHA256

7fc1ffcb9ca4511c65b3004bffcdb354baeb8f82006b5e1076ebab9f4bc6bb11
SHA512

1000fafafd4a7176d014433ade08500565d3b7c08d858e8d6aea682c5927ca22d66f25c91d6873f5a06f8262b7ee914bcc99d0280b88f8380143ebfc574539c8
SSDEEP

6144:mDS7iOc9kMGO0Xra/s8vyTBSN5EQFSWoCh:mic6M4ra/s8vyTMN5nSWL

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SCBYQDLP\	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3568 wrote to memory of 3504	3568	rundll32.exe	15
PID 3568 wrote to memory of 3504	3568	rundll32.exe	15
PID 3568 wrote to memory of 3504	3568	rundll32.exe	15

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3883c9ebac21a2f11ee37323e50c13c4.dll,#1
1⤵
- Drops file in Windows directory
PID:3504

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3883c9ebac21a2f11ee37323e50c13c4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3568

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads