4577e1340f659c9192ccecb6099f087d7e71773cdde470acc48c518fc0144281 | Triage

Analysis

max time kernel
143s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
04/02/2024, 09:06

Sharing

Report Analysis Logs

General

Target

8ec1abd7be3b974934f8c92f8e363a03.dll
Size

53KB
MD5

8ec1abd7be3b974934f8c92f8e363a03
SHA1

14366a0fb5b001c7e5595da20dd47c85d37265b0
SHA256

4577e1340f659c9192ccecb6099f087d7e71773cdde470acc48c518fc0144281
SHA512

986f37a9a8323c8eb7207dd1bb60f082c96980a23ec9d84560ee0320d716d7f296b347b19e2530392448e4917ed03f0cdc3662d1882ba00813fe90d24d6143f0
SSDEEP

1536:tS8ahR1LD2DkGmMNuYcoEFvj/Z4uDizc9oA:tbahR1LD2DMKcjV4uDizc9j

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2848 wrote to memory of 2168	2848	rundll32.exe	84
PID 2848 wrote to memory of 2168	2848	rundll32.exe	84
PID 2848 wrote to memory of 2168	2848	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8ec1abd7be3b974934f8c92f8e363a03.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2848
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8ec1abd7be3b974934f8c92f8e363a03.dll,#1
  2⤵
  PID:2168

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads