4158805fabe28f7478df1030afae68b6784fd021ef7c7728a1ac51efd8c42d14 | Triage

Analysis

max time kernel
136s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
11/01/2024, 09:03

Sharing

Report Analysis Logs

General

Target

5317f38f79236812525d3eee9856ff6a.dll
Size

32KB
MD5

5317f38f79236812525d3eee9856ff6a
SHA1

78efcbfc553673c74f5a3e78ab1f0a86bda47c0a
SHA256

4158805fabe28f7478df1030afae68b6784fd021ef7c7728a1ac51efd8c42d14
SHA512

1e2da060f88bca7f5609d9b1138a55dfc9cfaa77c85363e633f2b692af9089fc10ca7b44487e1b830fd547e3ef29c27364b0e1cf825d3670d5546ae79de606f2
SSDEEP

768:hOi7PLC/1VUuuswV5Ld19fzQ9zWmoB+TZ:BHWVphwVF+CmJ

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4404 wrote to memory of 1612	4404	rundll32.exe	88
PID 4404 wrote to memory of 1612	4404	rundll32.exe	88
PID 4404 wrote to memory of 1612	4404	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5317f38f79236812525d3eee9856ff6a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4404
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5317f38f79236812525d3eee9856ff6a.dll,#1
  2⤵
  PID:1612

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads