25e68fc4be38da3622d5a86e21a46c5270c21b18aab8066ed5c52b2917471820 | Triage

Analysis

max time kernel
436s
max time network
448s
platform
windows11-21h2_x64
resource
win11-20231215-en
resource tags

arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
submitted
07-02-2024 03:58

Sharing

Report Analysis Logs

General

Target

Geode.dll
Size

6.0MB
MD5

78f2bdbe9ab98becbc1d6aa4b6b7b9cc
SHA1

bd65f0b477849f590e66e841c8ab138d9013effc
SHA256

b1a16a2ff339503d9249bc05d92f09cda96b7e720fe12dcac18c853169f8e5a6
SHA512

5318d79d9fc3985b217f540e4431e62c44fdbdbccacfa5a18838295c717b3223fbbbe0e9cef81de9bc6f4fd74d464a4acfd7ed0200c18b8c90fee651b4858b82
SSDEEP

49152:K5Kef7WVrZ10DkXHxCrCMF10U1q64CTbzvSK0kgz:AKef7WkkXRcCsRA64yb7SK0

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4060 wrote to memory of 4580	4060	rundll32.exe	rundll32.exe
PID 4060 wrote to memory of 4580	4060	rundll32.exe	rundll32.exe
PID 4060 wrote to memory of 4580	4060	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Geode.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4060

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Geode.dll,#1
2⤵
PID:4580

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads