22a7bef820506413245fbf0ece3d5d69fe0d85865e6b2e2e146ac2aaa199a2bc | Triage

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
04/01/2024, 04:05

Sharing

Report Analysis Logs

General

Target

3fda19126ca1e7095a6fc6f2f98448e1.dll
Size

17KB
MD5

3fda19126ca1e7095a6fc6f2f98448e1
SHA1

9f4e83410bbf1a0e51338f3be6a0fa7808705506
SHA256

22a7bef820506413245fbf0ece3d5d69fe0d85865e6b2e2e146ac2aaa199a2bc
SHA512

f9fdf9e5aa4a4082be63f449b37fa9ef1ee4ffe58b13d9c87f1b0c1ff80457eed6dc589aa03613fa8c0e2d7617b0f02e05ac7b966b6f12ad488c533e59567ec9
SSDEEP

384:35pHHHZcmWSe1biMGxqATY4TZ3mR08FWGDnS:35JnZcmWcHx84TZ3NcS

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3940 wrote to memory of 4488	3940	rundll32.exe	53
PID 3940 wrote to memory of 4488	3940	rundll32.exe	53
PID 3940 wrote to memory of 4488	3940	rundll32.exe	53

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3fda19126ca1e7095a6fc6f2f98448e1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3940
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3fda19126ca1e7095a6fc6f2f98448e1.dll,#1
  2⤵
  PID:4488

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4488-0-0x000000001A8C0000-0x000000001A8CD000-memory.dmp

Filesize
52KB

Download