71c877fba7bfca0d70d3c0a31ec24757a073d158fb2aad62891377bc87f45baa | Triage

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
15/01/2024, 04:11

Sharing

Report Analysis Logs

General

Target

5c1984c526e0faad88b0cc2d3be08ad6.dll
Size

136KB
MD5

5c1984c526e0faad88b0cc2d3be08ad6
SHA1

56ed7e4a431a85fe24cae148805cb5fc3f454267
SHA256

71c877fba7bfca0d70d3c0a31ec24757a073d158fb2aad62891377bc87f45baa
SHA512

c147d1e76027053f806353fbc89d81063ca59d8662742722c10524b5c2592ae0a059583fef74aaecf3655a11e7ad8ed975e998ca4e29f84b22ead21c714b39f0
SSDEEP

3072:hzjnfsD31Oc9HkDdI2X+KUbRSfZ9basskfoJ8Zx:hzrC3192DNXEA9btHXx

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1524 wrote to memory of 1600	1524	rundll32.exe	85
PID 1524 wrote to memory of 1600	1524	rundll32.exe	85
PID 1524 wrote to memory of 1600	1524	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5c1984c526e0faad88b0cc2d3be08ad6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1524
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5c1984c526e0faad88b0cc2d3be08ad6.dll,#1
  2⤵
  PID:1600

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1600-0-0x0000000000BB0000-0x0000000000BBA000-memory.dmp

Filesize
40KB

Download
memory/1600-2-0x0000000010000000-0x000000001002B000-memory.dmp

Filesize
172KB

Download