7de34b228cc9adbba044a0a12c86e025e590f667e886f2f94c7d21c159b3b314 | Triage

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12/01/2024, 17:28

Sharing

Report Analysis Logs

General

Target

VM31BTWN.dll
Size

76KB
MD5

cf82126e17c683c6c8777cecc3d817db
SHA1

c5826f770fc2a4c7fdaf35a2604137a34e4d47f3
SHA256

1fa0e406b60efe1d1eb0dd25492528764d683133ab83afd6b0d3546277e6dca4
SHA512

045bfd90ddddfe2230f3a8686eff3040d9bd326c52f5cc4013072c60a4fd7d717f728a98a3dc35fbe41c8a85fc1cdeb25564ba7274b76ba05828583d2ea129dd
SSDEEP

1536:GTG+zHnplBw/LxC2KMP7tGv5eOUL5CfMWaKga/DaBa4a+avajaoSafaLt:PLxJ8k90J6A

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1972 wrote to memory of 3812	1972	rundll32.exe	89
PID 1972 wrote to memory of 3812	1972	rundll32.exe	89
PID 1972 wrote to memory of 3812	1972	rundll32.exe	89

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\VM31BTWN.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1972
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\VM31BTWN.dll,#1
  2⤵
  PID:3812

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads