e44ab726ef620e4f1ae104c0a98c0eca4bacc0d8b8d3d04501f7dfdef1b6ddb5 | Triage

Analysis

max time kernel
174s
max time network
195s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
04/01/2024, 23:57

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

423f3f663fa02c4c4684332d15114a01.dll
Size

848KB
MD5

423f3f663fa02c4c4684332d15114a01
SHA1

80d66ca5a8ab60c120d3600e38f1780a9d78bf0d
SHA256

e44ab726ef620e4f1ae104c0a98c0eca4bacc0d8b8d3d04501f7dfdef1b6ddb5
SHA512

d4922ffdb8fa26f3473604401bf10677ded8526677fbfc4e0b986cf356bc8347f4b015d8fb0232174ba936c73915dda2018e96138a88aad9d950a7e8bceaa77d
SSDEEP

12288:wF9Iq7kEt3/1EHI6ZI/WDcvCA5gCzgUFeG3pu3:wFFttv1cICI/WDcvHP0G3

Score

1^/10

Malware Config

Signatures

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3588	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3580 wrote to memory of 3588	3580	rundll32.exe	89
PID 3580 wrote to memory of 3588	3580	rundll32.exe	89
PID 3580 wrote to memory of 3588	3580	rundll32.exe	89

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\423f3f663fa02c4c4684332d15114a01.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3580
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\423f3f663fa02c4c4684332d15114a01.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:3588

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads