9d7e58de0ac135df79cfece1b2f457ac07640d5a842d9be4f80634294a35c492 | Triage

Analysis

max time kernel
134s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
18-01-2024 09:19

Sharing

Report Analysis Logs

General

Target

6508cce6ed083af3c34b78a42f2e331f.dll
Size

132KB
MD5

6508cce6ed083af3c34b78a42f2e331f
SHA1

6b0aaa0e3ccab03a520302029deca35ba0523dfe
SHA256

9d7e58de0ac135df79cfece1b2f457ac07640d5a842d9be4f80634294a35c492
SHA512

de41a6e1a89fbf3ef6f76e70f0fbb49f3a628ad6e6da40a3502907fb3c4eeda62c50df1258189162c1d3e2bbb377694a1c5879ac65dc584bb40049ebf9fa6ea6
SSDEEP

3072:dOQ/SyOcEXfRu3sMVkSx862dB5t1z7jOIXHL+lck0rlg:4MVkBDBhHHkX

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 704 wrote to memory of 840	704	rundll32.exe	86
PID 704 wrote to memory of 840	704	rundll32.exe	86
PID 704 wrote to memory of 840	704	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6508cce6ed083af3c34b78a42f2e331f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:704
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6508cce6ed083af3c34b78a42f2e331f.dll,#1
  2⤵
  PID:840

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads