d6770d6421c9d1d5b59dc6af16b4f029da9d6b0cd260003cc3e29de7735bc3d5 | Triage

Analysis

max time kernel
140s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26-01-2024 11:18

Sharing

Report Analysis Logs

General

Target

7737e8567efec3bd7afb3e651f9bb5f0.dll
Size

70KB
MD5

7737e8567efec3bd7afb3e651f9bb5f0
SHA1

6a3216b73e711498adc28dcbcb8ca2f410c8d689
SHA256

d6770d6421c9d1d5b59dc6af16b4f029da9d6b0cd260003cc3e29de7735bc3d5
SHA512

34074bd7569e54cc88b8048febd17db1436128388eb6e5e9b6e419bcec1ccf3b4847558e265dc817a8bd67fd0fa5e168899c7426e72e0f29f8a916979d487455
SSDEEP

1536:EXTvLzlCC5eLqQimFvIMk9xhGSkOPXsl+AZ:EHzlzQi55hGSkOEl+AZ

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4900 wrote to memory of 3236	4900	rundll32.exe	85
PID 4900 wrote to memory of 3236	4900	rundll32.exe	85
PID 4900 wrote to memory of 3236	4900	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7737e8567efec3bd7afb3e651f9bb5f0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4900
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7737e8567efec3bd7afb3e651f9bb5f0.dll,#1
  2⤵
  PID:3236

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads