85854166f2ae16bb49006a12806ee1cf7beebb9f0d7d835c68b764debb3f4615 | Triage

Analysis

max time kernel
145s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
05/01/2024, 20:16

Sharing

Report Analysis Logs

General

Target

4457e02558f32015f3f7c175a78aede0.dll
Size

389KB
MD5

4457e02558f32015f3f7c175a78aede0
SHA1

038f87c228d443b0db59d8b60026ed1615316b3e
SHA256

85854166f2ae16bb49006a12806ee1cf7beebb9f0d7d835c68b764debb3f4615
SHA512

3377b1993eef6e1267db21bac1b927ebb7401da52910d5be661d2774177dd9f9e463336dc3b1f3dd0931c3f8ab843f5df1d549faddde353ad49182d4577a2e5a
SSDEEP

12288:5P+eM73b6uIACwljvncf+Uzjx73iv1CrrE:AeU6Scf+ixziv8rr

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4156 wrote to memory of 4184	4156	rundll32.exe	24
PID 4156 wrote to memory of 4184	4156	rundll32.exe	24
PID 4156 wrote to memory of 4184	4156	rundll32.exe	24

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4457e02558f32015f3f7c175a78aede0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4156
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4457e02558f32015f3f7c175a78aede0.dll,#1
  2⤵
  PID:4184

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4184-0-0x0000000074210000-0x00000000749BF000-memory.dmp

Filesize
7.7MB

Download