4f30a353ebaea6ecf2e006b43724a6f577c63cea5e373487ff003c9dd73a16f4 | Triage

Analysis

max time kernel
150s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
08/01/2024, 16:04

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4bddb9e6a8b7fcc89c803fd9002e8e1b.dll
Size

33KB
MD5

4bddb9e6a8b7fcc89c803fd9002e8e1b
SHA1

3447f6d1f37efb4fb1579067fe1a0d261fd452f2
SHA256

4f30a353ebaea6ecf2e006b43724a6f577c63cea5e373487ff003c9dd73a16f4
SHA512

4422244706bb4fc8b2890f9d2960e3b132dc6d6bcce798a9576e261423a029970816b4092490683cf927c3dda883c4db3247c7b0310595ed89d62f2c49929c94
SSDEEP

768:97v1b7TDuSxa/0xyDcl27l5+uMSVOiuGROku9A:9z1b9a/3A47l5+uVFRFu+

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4856 wrote to memory of 368	4856	rundll32.exe	75
PID 4856 wrote to memory of 368	4856	rundll32.exe	75
PID 4856 wrote to memory of 368	4856	rundll32.exe	75

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4bddb9e6a8b7fcc89c803fd9002e8e1b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4856
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4bddb9e6a8b7fcc89c803fd9002e8e1b.dll,#1
  2⤵
  PID:368

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads