b9d7f730eb68fda6be1af49b85c8dba359994f810f37348390a5c7ab89e6e019 | Triage

Analysis

max time kernel
138s
max time network
134s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
08/01/2024, 17:08

Sharing

Report Analysis Logs

General

Target

4bff37440a3f0fdc8ab433dc0022644f.dll
Size

62KB
MD5

4bff37440a3f0fdc8ab433dc0022644f
SHA1

51d14709793c18c420d1e5cc0f929a6c5fa2a70f
SHA256

b9d7f730eb68fda6be1af49b85c8dba359994f810f37348390a5c7ab89e6e019
SHA512

37acdc27e8f5f5543a977b2ad8fcf800d39044a612fca4aaf318d457cd914b07b3bc91af2c40d7cc0053e1256fdad99386f5c6b994c45718b48b705ed989abdd
SSDEEP

1536:ejjbjjeYSsgJIlXK+kYAdpp2MNxackcpecYxNDPk:4bjjnAJP+oZJNxalcp0xNw

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4276 wrote to memory of 4996	4276	rundll32.exe	16
PID 4276 wrote to memory of 4996	4276	rundll32.exe	16
PID 4276 wrote to memory of 4996	4276	rundll32.exe	16

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4bff37440a3f0fdc8ab433dc0022644f.dll,#1
1⤵
PID:4996

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4bff37440a3f0fdc8ab433dc0022644f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4276

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads