999f8ee1f0aefabb1328e91ab3bee8328840510dfe4bfd6cb288dcfac98b6b49 | Triage

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12/02/2024, 00:15

Sharing

Report Analysis Logs

General

Target

95be5c897ebb778d50e7e247008889cd.dll
Size

104KB
MD5

95be5c897ebb778d50e7e247008889cd
SHA1

a84d751208f3b5dfc6489434d0037a30a27868c9
SHA256

999f8ee1f0aefabb1328e91ab3bee8328840510dfe4bfd6cb288dcfac98b6b49
SHA512

82030f42ee0eb8d42bf6993b24d9fe641cd168d01200a9b6dca40644a208062279ed20cd6bd86b2348c0cdc647c621bd03b8f88da55abba6815d6301a45579b0
SSDEEP

3072:SU8IwFWJ/870Bcvew8fnjIy8qr/1z3Cc8E:SYJEwBcvI

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3512 wrote to memory of 4392	3512	rundll32.exe	84
PID 3512 wrote to memory of 4392	3512	rundll32.exe	84
PID 3512 wrote to memory of 4392	3512	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\95be5c897ebb778d50e7e247008889cd.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3512
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\95be5c897ebb778d50e7e247008889cd.dll,#1
  2⤵
  PID:4392

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4392-0-0x0000000010000000-0x0000000010019000-memory.dmp

Filesize
100KB

Download
memory/4392-1-0x0000000010000000-0x0000000010019000-memory.dmp

Filesize
100KB

Download