2c8e60af454aaa60cd9d2f89d77fe2e3ec836adbdd9fc922b915af370acb87bc | Triage

Analysis

max time kernel
140s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
04-02-2024 07:57

Sharing

Report Analysis Logs

General

Target

8e9ed3b7a04af42e4d411365e9161850.dll
Size

8KB
MD5

8e9ed3b7a04af42e4d411365e9161850
SHA1

2b1c447dc949338a3b681b6c584cc0a969759a44
SHA256

2c8e60af454aaa60cd9d2f89d77fe2e3ec836adbdd9fc922b915af370acb87bc
SHA512

34ac4d363fd0dabec969b1285ae1d47615f9ca9cf86d9cf1221997ac991cac4a5b67368d5a16c1a933cf333c9c1456f20597c0ab19a67cc37afc719811d3871e
SSDEEP

192:UR+4IyQwoHU0K266GU9JOnc27pSIzBWBWYAryWBm:y+UoJb9gncspSg0WYAryWB

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2872 wrote to memory of 4572	2872	rundll32.exe	84
PID 2872 wrote to memory of 4572	2872	rundll32.exe	84
PID 2872 wrote to memory of 4572	2872	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8e9ed3b7a04af42e4d411365e9161850.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2872
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8e9ed3b7a04af42e4d411365e9161850.dll,#1
  2⤵
  PID:4572

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4572-0-0x0000000010000000-0x0000000010005000-memory.dmp

Filesize
20KB

Download