e43dec64f95861c29a8fa90f5b44a1561f21c23a19dd7736d5acbc091d5478e3 | Triage

Analysis

max time kernel
141s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-01-2024 11:00

Sharing

Report Analysis Logs

General

Target

74853579531e421e4b6673d0e707978d.dll
Size

87KB
MD5

74853579531e421e4b6673d0e707978d
SHA1

38dfe488cbaf114e23063fbfb647503d2a725330
SHA256

e43dec64f95861c29a8fa90f5b44a1561f21c23a19dd7736d5acbc091d5478e3
SHA512

8328e98b029ba347f75e639e398d0b435687b3ba61dd2c2f6e669b3fe0ae086818cd5f8e965bd876b5b25e18ad315594e113deed0539a8bc035765828004294c
SSDEEP

1536:1d/UtMJWF23bTbsVWuvJfYZagGhr1zvmzr2vqdz6f:GFKsVWuvJfY4xhr1z+uv

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2372 wrote to memory of 3056	2372	rundll32.exe	74
PID 2372 wrote to memory of 3056	2372	rundll32.exe	74
PID 2372 wrote to memory of 3056	2372	rundll32.exe	74

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\74853579531e421e4b6673d0e707978d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2372
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\74853579531e421e4b6673d0e707978d.dll,#1
  2⤵
  PID:3056

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads