5bac7c6622ebbdaa7716f6802926ee1b04c290c02dc2617c02b6bdcc8b52aff4 | Triage

Analysis

max time kernel
142s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
14-01-2024 07:37

Sharing

Report Analysis Logs

General

Target

5aa9370de2403ec2a35624a2e6dd108d.dll
Size

34KB
MD5

5aa9370de2403ec2a35624a2e6dd108d
SHA1

69cd1e4d7776db44e671b645884a9ca488897707
SHA256

5bac7c6622ebbdaa7716f6802926ee1b04c290c02dc2617c02b6bdcc8b52aff4
SHA512

dff5b4a3981c1ed8af886f4a3d0389032e0b4aa24623aca8aeabfe328ee40283883541d60cfa1c93bf2a776d18a2a3aae6f1079d885481e5fe1c0c6a7626486b
SSDEEP

768:mJOcSsphT92HPYXzNj75ZMfC5Chw09FRst5:mJOHeT8Hm75ZM6U6yFRc5

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3852 wrote to memory of 2172	3852	rundll32.exe	88
PID 3852 wrote to memory of 2172	3852	rundll32.exe	88
PID 3852 wrote to memory of 2172	3852	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5aa9370de2403ec2a35624a2e6dd108d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3852
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5aa9370de2403ec2a35624a2e6dd108d.dll,#1
  2⤵
  PID:2172

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads