1867d062dc4dc011223fedcfe2ab33148012bfd0f6216e282ed6d02fede7ac18 | Triage

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
08/01/2024, 13:28

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4b90c747d6937c71db7ef710527da549.dll
Size

27KB
MD5

4b90c747d6937c71db7ef710527da549
SHA1

c3d299bd50627b7d1e44906109da9375653b870c
SHA256

1867d062dc4dc011223fedcfe2ab33148012bfd0f6216e282ed6d02fede7ac18
SHA512

3537c00fb2aac113c418e9673d70db0cbd470bd35c4ec1fb01b5663e195af1f74406db83a3f3e0b17695ee819b33f4842d569208c00b121b7f4f7c162671b243
SSDEEP

768:fKSQquzz0GQgrKbRgCj0y7OkZFlXPBN6QIgK:lQquzz0GQaCnF57vK

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3088 wrote to memory of 4848	3088	rundll32.exe	90
PID 3088 wrote to memory of 4848	3088	rundll32.exe	90
PID 3088 wrote to memory of 4848	3088	rundll32.exe	90

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4b90c747d6937c71db7ef710527da549.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3088
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4b90c747d6937c71db7ef710527da549.dll,#1
  2⤵
  PID:4848

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4848-0-0x0000000000210000-0x000000000021D000-memory.dmp

Filesize
52KB

Download