113dcca6ad8dc5d2f5b89fa08672dfc61b8fb168fc81015e3e8f27bc87a3e95f | Triage

Analysis

max time kernel
151s
max time network
174s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 13:48

Sharing

Report Analysis Logs

General

Target

389fe61465fe4737cf610889f35acea5.dll
Size

117KB
MD5

389fe61465fe4737cf610889f35acea5
SHA1

68c59375307fbdb65a1354df9febc641394ecf97
SHA256

113dcca6ad8dc5d2f5b89fa08672dfc61b8fb168fc81015e3e8f27bc87a3e95f
SHA512

cdd28ab490ff6a4546065920457890b16e8c95da8f160cc4238ecda2ac3d70b24e1d2a47009aa0e417991141f132da4ce7f5d6c90bb16ec389f69869320e3ac9
SSDEEP

3072:NPwGJrHSURuB9LbC7PFx8C/uncjCwADtqRhWwx:DJryURuB9280uncjdADtqq

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2060 wrote to memory of 4504	2060	rundll32.exe	89
PID 2060 wrote to memory of 4504	2060	rundll32.exe	89
PID 2060 wrote to memory of 4504	2060	rundll32.exe	89

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\389fe61465fe4737cf610889f35acea5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2060
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\389fe61465fe4737cf610889f35acea5.dll,#1
  2⤵
  PID:4504

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4504-0-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download