40467bf55d34e7d3b57b18729154072ef2c310446a9814f82533ec004fc9be8d | Triage

Analysis

max time kernel
148s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
04/01/2024, 12:44

Sharing

Report Analysis Logs

General

Target

40e4c083da257bb7c0bc04f7eeef4299.dll
Size

120KB
MD5

40e4c083da257bb7c0bc04f7eeef4299
SHA1

16426053b1ad93fa3832b4f083f1bbce8d172992
SHA256

40467bf55d34e7d3b57b18729154072ef2c310446a9814f82533ec004fc9be8d
SHA512

65bcf4d25a0fd984303538ad1a8cdff0f096ab0cfc14e54e4419fa78cc2e1b56b980b8cca55cc63d6b6db97221345d7833519dc1e770a89f05276faf202542e9
SSDEEP

3072:DJq8LGgTkFZ2wn/nVwpuqmWa8b8+vnCwjxZ/tC:D4EdkFoePVxua23nfjPtC

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3888 wrote to memory of 5076	3888	rundll32.exe	50
PID 3888 wrote to memory of 5076	3888	rundll32.exe	50
PID 3888 wrote to memory of 5076	3888	rundll32.exe	50

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\40e4c083da257bb7c0bc04f7eeef4299.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3888
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\40e4c083da257bb7c0bc04f7eeef4299.dll,#1
  2⤵
  PID:5076

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/5076-0-0x0000000001390000-0x000000000139B000-memory.dmp

Filesize
44KB

Download
memory/5076-2-0x0000000010000000-0x000000001000A000-memory.dmp

Filesize
40KB

Download