a9790cf588cd5692fef55c23142caafa6b8c484e9cac723821d94f12326996b6 | Triage

Analysis

max time kernel
130s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
19/01/2024, 14:49

Sharing

Report Analysis Logs

General

Target

67e32d9ee6b580022d7c7450ba1883f1.dll
Size

20KB
MD5

67e32d9ee6b580022d7c7450ba1883f1
SHA1

ba5dc773082fe1ad8158a0da2033eddf00ca7e8e
SHA256

a9790cf588cd5692fef55c23142caafa6b8c484e9cac723821d94f12326996b6
SHA512

f8f39b4fd688f41921673a850e3844f2ad7221c7e7b4ffb3f8cd1a9a86aa3848958e1ff0a5282d090166b8f62ac6e285118053a2a69009899718640426db3cad
SSDEEP

384:pK6p1hop8pjx++5R2sng+kUV5OL8FPScJx8/W9aH25Y:Y6p1h3mZsnr5R6/28

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2208 wrote to memory of 3812	2208	rundll32.exe	87
PID 2208 wrote to memory of 3812	2208	rundll32.exe	87
PID 2208 wrote to memory of 3812	2208	rundll32.exe	87

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\67e32d9ee6b580022d7c7450ba1883f1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2208
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\67e32d9ee6b580022d7c7450ba1883f1.dll,#1
  2⤵
  PID:3812

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads