64e1721597bc8a1394970c32924f36656d996a5269180d6844abc264430a2e2e | Triage

Analysis

max time kernel
143s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12-02-2024 22:02

Sharing

Report Analysis Logs

General

Target

User32.dll
Size

420KB
MD5

473cf1c7c30d47ee348102d4afb6aeac
SHA1

1c926050468a3ad3f35a8a00b83a3554ac92494a
SHA256

64e1721597bc8a1394970c32924f36656d996a5269180d6844abc264430a2e2e
SHA512

515bd25252798300aa8d34ee2aacaf72c4d8c2456f2197ef138625be13260ddafe771e7a61e477b75e315ec448ab1280721aede43194fbc3603f3daa4a632d1f
SSDEEP

6144:/jlpC5T7Np+ez981cRnT7G2UZGTvPAfljF2k91yc5vm5jRIPynzwIiAtHa1mZU74:psNNu40ynz0lmv95

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2172 wrote to memory of 3584	2172	rundll32.exe	84
PID 2172 wrote to memory of 3584	2172	rundll32.exe	84
PID 2172 wrote to memory of 3584	2172	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\User32.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2172
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\User32.dll,#1
  2⤵
  PID:3584

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads