e95e866f596dca47ffe3a511e29fa157b54764075e3dd1740d9096b534d3465e | Triage

Analysis

max time kernel
143s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
26-01-2024 16:48

Sharing

Report Analysis Logs

General

Target

77e1241d68cb8fff996362c9a0d72354.dll
Size

25KB
MD5

77e1241d68cb8fff996362c9a0d72354
SHA1

54ee02da473617afae06528988568fb78ac8dee4
SHA256

e95e866f596dca47ffe3a511e29fa157b54764075e3dd1740d9096b534d3465e
SHA512

86ac3f83d10b7f7f828df5b27635312b032f49564fff15e5a1818d0a182f6057d7e161f560d60cb4ef7e783661614de727b11c708e8e9d586b7320923078050b
SSDEEP

768:xmny4z8dasPmT8eDyu2BJhj5fywZK+pSs:TAu6Ls7hj5Cs

Score

1^/10

Malware Config

Signatures

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1136	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4020 wrote to memory of 1136	4020	rundll32.exe	25
PID 4020 wrote to memory of 1136	4020	rundll32.exe	25
PID 4020 wrote to memory of 1136	4020	rundll32.exe	25

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\77e1241d68cb8fff996362c9a0d72354.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4020
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\77e1241d68cb8fff996362c9a0d72354.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1136

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads