726e93a8aa83f8ee6c00ce7c656b33c735f4fff0e120e6f8e90987c5f8d5d1d0 | Triage

Analysis

max time kernel
143s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
15-01-2024 16:45

Sharing

Report Analysis Logs

General

Target

5d951b5f89c57f0c0d86faef17768594.dll
Size

13KB
MD5

5d951b5f89c57f0c0d86faef17768594
SHA1

1f6888ce0c45299d7657c12eac0dda4e7d8456b9
SHA256

726e93a8aa83f8ee6c00ce7c656b33c735f4fff0e120e6f8e90987c5f8d5d1d0
SHA512

da3c5b6dae39970a7f66f41b376424f77484c7e4df3d756c1795c97122ae05a3715ac8160a2bde9b3191bf296e9d5bad1767ca6ed9f01842d0b2cf1c6037188d
SSDEEP

384:YZLEcGtJG0uhcqZJIS5yoakJVuqbbV+ujzlm+M7i:WAcGts0unj9akfvX8EX

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4948 wrote to memory of 3172	4948	rundll32.exe	rundll32.exe
PID 4948 wrote to memory of 3172	4948	rundll32.exe	rundll32.exe
PID 4948 wrote to memory of 3172	4948	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5d951b5f89c57f0c0d86faef17768594.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4948

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5d951b5f89c57f0c0d86faef17768594.dll,#1
2⤵
PID:3172

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...