bf5d75a65877f9f5274b491eb59f3b97403dca9e6a4c7a3fc67b65ee1d685d94 | Triage

Analysis

max time kernel
135s
max time network
163s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
19/01/2024, 10:00

Sharing

Report Analysis Logs

General

Target

6754b9295c9e60828a9956b7ec01b08c.dll
Size

240KB
MD5

6754b9295c9e60828a9956b7ec01b08c
SHA1

3a3f40f4c48153642def78f9b9fae373c019663f
SHA256

bf5d75a65877f9f5274b491eb59f3b97403dca9e6a4c7a3fc67b65ee1d685d94
SHA512

80da72a097251ffd37669887fc4bfe97465b598d19844213b6f2fe75fe70f83ff56d71cc8f36c41daeb1951d2db47b232685243256e4f95e426cdc5dc96b265c
SSDEEP

768:sLmdTpfMhbUWnEbsnNoI+xRWsEBBQARQkvpqc:smNpfMhJXaZRWsEBBQARN

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4080 wrote to memory of 4300	4080	rundll32.exe	84
PID 4080 wrote to memory of 4300	4080	rundll32.exe	84
PID 4080 wrote to memory of 4300	4080	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6754b9295c9e60828a9956b7ec01b08c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4080
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6754b9295c9e60828a9956b7ec01b08c.dll,#1
  2⤵
  PID:4300

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads