Analysis

  • max time kernel
    144s
  • max time network
    97s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20231222-en locale:en-us os:windows10-2004-x64 system
  • submitted
    01/01/2024, 20:47

General

  • Target

    71dd0f7b91408d1d5ad1347ae66405d2d8da0ac01bf6601cc25ffb53937d31a1.dll

  • Size

    899KB

  • MD5

    4056ff52fc3297465ecfab806e5802f5

  • SHA1

    92d139b4a58c3a26f4c850552a6547a55a1f880e

  • SHA256

    71dd0f7b91408d1d5ad1347ae66405d2d8da0ac01bf6601cc25ffb53937d31a1

  • SHA512

    5627539c915f151b64bc34e96584cf1319546f26b26bef50730a2686bf4722cda84f937c1624dbaaa775ae684f905d138c5b066d52c8a0da79782f20d781251f

  • SSDEEP

    24576:7V2bG+2gMir4fgt7ibhRM5QhKehFdMtRj7nH1PX+:7wqd87V+

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\71dd0f7b91408d1d5ad1347ae66405d2d8da0ac01bf6601cc25ffb53937d31a1.dll,#1
    • Suspicious behavior: RenamesItself
    PID:2096
  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\71dd0f7b91408d1d5ad1347ae66405d2d8da0ac01bf6601cc25ffb53937d31a1.dll,#1
    • Suspicious use of WriteProcessMemory
    PID:1964

Network

MITRE ATT&CK Matrix
