25a954aa3590d60b1936e419bf71d226055a37cd4ed66d7135909a6aa221fa14 | Triage

Analysis

max time kernel
149s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
09/01/2024, 13:05

Sharing

Report Analysis Logs

General

Target

4e600af626cfc2b600dc2a076211d84c.dll
Size

72KB
MD5

4e600af626cfc2b600dc2a076211d84c
SHA1

8ae13fa3722a09f3854f0110b73d3310b1c7313a
SHA256

25a954aa3590d60b1936e419bf71d226055a37cd4ed66d7135909a6aa221fa14
SHA512

b9ab4ff4ef7c2d7c12b78dbd46d4d281e06cc78e41e93c5f78ef974288334ae8e9578d156aa6d6422ce9653d7266a70bde7147cebf82d0532b51394d2ae395bf
SSDEEP

1536:Sjjl3nwzSuOqBubw/WgT6zMKAOK2lCWcQajhRuv:C5UOq0ukgOK2l7aFQv

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3296 wrote to memory of 3036	3296	rundll32.exe	15
PID 3296 wrote to memory of 3036	3296	rundll32.exe	15
PID 3296 wrote to memory of 3036	3296	rundll32.exe	15

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4e600af626cfc2b600dc2a076211d84c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3296
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4e600af626cfc2b600dc2a076211d84c.dll,#1
  2⤵
  PID:3036

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads