c236d6d9ec7e422da788acfb66f787c69381403fa2eb264a5a638d719eca96f7 | Triage

Analysis

max time kernel
92s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
27-01-2024 15:18

Sharing

Report Analysis Logs

General

Target

7a954cf9f3c66b77de601f7cd8f49233.dll
Size

34KB
MD5

7a954cf9f3c66b77de601f7cd8f49233
SHA1

3f50e5dfa49eec82cb883844f6c523f00b991d3e
SHA256

c236d6d9ec7e422da788acfb66f787c69381403fa2eb264a5a638d719eca96f7
SHA512

bb87172c3038522ac08ec4a4ce4cb4973c27e189718ab733d6dffcf1ffccebe4f14001db83196e2fa14bc7e0c4e29a4569c44080107f101ae1f1717b978ab61e
SSDEEP

768:NbOhTLYMpXQ3T3YNrZr//7WvkZCOqhnPmRZFl1:BOhTPN/Nr17WvHpORZF/

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4488 wrote to memory of 4616	4488	rundll32.exe	47
PID 4488 wrote to memory of 4616	4488	rundll32.exe	47
PID 4488 wrote to memory of 4616	4488	rundll32.exe	47

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7a954cf9f3c66b77de601f7cd8f49233.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4488
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7a954cf9f3c66b77de601f7cd8f49233.dll,#1
  2⤵
  PID:4616

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads