ac9fb718a06f5ea046a5ce765f84c202c08c45814bcd10c9e74de3dfc8301878 | Triage

Analysis

max time kernel
148s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
11-01-2024 14:10

Sharing

Report Analysis Logs

General

Target

InjectionLibrary.dll
Size

78KB
MD5

64ef546a5a013f36524507e7dfc70d09
SHA1

d6d0aabdc88b7a875fd666a65194e250cd9ef3e5
SHA256

7919342e61f58303b1efe7bc3f2a612b717d64069c45eb53f0193218821d0016
SHA512

b409aaaf770bf0ca436e66279a324158845cba04ad892bbe98c0e32e96faacf83108d5e5b2b51efb59c8a3fccb4476303af47408f1a26bd79b18008ceaa7cc6b
SSDEEP

1536:E2t6wUtyYiZdqESehfyNHhwTZNzTedgzmZLtQ/5i:7t6LMXZdkaKNHhwTZRTej9Y4

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5640 wrote to memory of 5636	5640	rundll32.exe	44
PID 5640 wrote to memory of 5636	5640	rundll32.exe	44
PID 5640 wrote to memory of 5636	5640	rundll32.exe	44

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\InjectionLibrary.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5640
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\InjectionLibrary.dll,#1
  2⤵
  PID:5636

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads