21c7e0e2a1819b0611133684eaa18b032662d8a7f394f25787c540369eb26539 | Triage

Analysis

max time kernel
147s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
23/01/2024, 20:00

Sharing

Report Analysis Logs

General

Target

706f78cb25f10893f557bfa0a6740bb8.dll
Size

67KB
MD5

706f78cb25f10893f557bfa0a6740bb8
SHA1

71596b7776a5072e82c5a282801057f9cbccd069
SHA256

21c7e0e2a1819b0611133684eaa18b032662d8a7f394f25787c540369eb26539
SHA512

e56a08d50e544c0711edf07092c400bbcfe501c2d46e9143fcb897075eac8c9dd5ad95e62cf5bb2558f041cbe66b219d749900f423dc9570ae3772678a1797d2
SSDEEP

1536:FQzm0/BcVDpA+fkrNEWEWJItFDXURxoyih5AT:FmmacfuhJIjXyihuT

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4688 wrote to memory of 5072	4688	rundll32.exe	85
PID 4688 wrote to memory of 5072	4688	rundll32.exe	85
PID 4688 wrote to memory of 5072	4688	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\706f78cb25f10893f557bfa0a6740bb8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4688
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\706f78cb25f10893f557bfa0a6740bb8.dll,#1
  2⤵
  PID:5072

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/5072-0-0x0000000000010000-0x0000000000023000-memory.dmp

Filesize
76KB

Download