0754de93dc4cc3d1bf02dd514db48d7a2a98c3ccf6cdb6923769100b0b7ec38e | Triage

Analysis

max time kernel
149s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
05/01/2024, 00:35

Sharing

Report Analysis Logs

General

Target

4251a4ac922fd0ab66ecd32bd8499537.dll
Size

33KB
MD5

4251a4ac922fd0ab66ecd32bd8499537
SHA1

ac8e35eb3567d867acc33872c23dd9c58c0982a2
SHA256

0754de93dc4cc3d1bf02dd514db48d7a2a98c3ccf6cdb6923769100b0b7ec38e
SHA512

8c278bf7f7e8751fa5c2b3d4348223854673d0ef997ee184b3b21e9f1deb15920cddaaaedabf9fcb8cfdf4a6f5be2aaab60d79b040c595e5d023d6ace46d7cc2
SSDEEP

768:ZEaVI5HfxVed0j1na778f02ONVO0xRAdX:ZEaVo1j1o7802gvRkX

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2792 wrote to memory of 212	2792	rundll32.exe	84
PID 2792 wrote to memory of 212	2792	rundll32.exe	84
PID 2792 wrote to memory of 212	2792	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4251a4ac922fd0ab66ecd32bd8499537.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2792
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4251a4ac922fd0ab66ecd32bd8499537.dll,#1
  2⤵
  PID:212

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads