81800f89af9e29b4fc318a90f750b8d7140b17c92a635c6a4c7aeed782c6434c | Triage

Analysis

max time kernel
141s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 13:15

Sharing

Report Analysis Logs

General

Target

378f86b815e2c304953b4a426f6c125f.dll
Size

141KB
MD5

378f86b815e2c304953b4a426f6c125f
SHA1

530ff3c5e9aa0349a3f92c55471b8f3e632f78cf
SHA256

81800f89af9e29b4fc318a90f750b8d7140b17c92a635c6a4c7aeed782c6434c
SHA512

b43af60ec4fc24945d2fcb8c759def35a9325fd35e7bb7b3a979ffa6a841a64e00f3e7868c7b3564cc6797b662f45754606f904826c3d05289cbeeb53809217a
SSDEEP

3072:XMq3qCEqUTIzWodffH/oDY/FBkyygR7Lxnf4kNC:cq3q9bT1oxPwEtB3t4kk

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4752 wrote to memory of 2420	4752	rundll32.exe	56
PID 4752 wrote to memory of 2420	4752	rundll32.exe	56
PID 4752 wrote to memory of 2420	4752	rundll32.exe	56

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\378f86b815e2c304953b4a426f6c125f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4752
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\378f86b815e2c304953b4a426f6c125f.dll,#1
  2⤵
  PID:2420

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2420-0-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download