527659242b0c8465dfe3f0c823c6d5792d0444e17e20e79f513595051ce88cb9 | Triage

Analysis

max time kernel
138s
max time network
169s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
06/01/2024, 08:57

Sharing

Report Analysis Logs

General

Target

45d1f4f011b590c11e1ce295b3e834a3.dll
Size

113KB
MD5

45d1f4f011b590c11e1ce295b3e834a3
SHA1

4f61327adebb44785910461d52c7a7af78be76b0
SHA256

527659242b0c8465dfe3f0c823c6d5792d0444e17e20e79f513595051ce88cb9
SHA512

6551d38137f342812904bc23f8f731ee3eabdaa07bb8e272d82c345d44c50eca0b130c12b05889c45808b25ffe0d163ada103333dc3d6ece4ef285d12947a3d0
SSDEEP

3072:vD/NlC3MyYcTOUPTSZGtWupXPkoQGImV9GYoigC:vJlC3My9vSZGkQPkojut

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2768 wrote to memory of 2260	2768	rundll32.exe	14
PID 2768 wrote to memory of 2260	2768	rundll32.exe	14
PID 2768 wrote to memory of 2260	2768	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\45d1f4f011b590c11e1ce295b3e834a3.dll,#1
1⤵
PID:2260

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\45d1f4f011b590c11e1ce295b3e834a3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2768

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2260-1-0x0000000010000000-0x0000000010028000-memory.dmp

Filesize
160KB

Download
memory/2260-0-0x00000000013C0000-0x00000000013CA000-memory.dmp

Filesize
40KB

Download