eaccbacacb0c0dd4324f366018737906a1c008357bd82a83eae80c3db43c3366 | Triage

Analysis

max time kernel
141s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12/02/2024, 00:17

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

95c00f19d5eaa887c70968d2273199c3.dll
Size

27KB
MD5

95c00f19d5eaa887c70968d2273199c3
SHA1

c41bf9f67c9d420f1ece0ed0eca9b7e72fae4438
SHA256

eaccbacacb0c0dd4324f366018737906a1c008357bd82a83eae80c3db43c3366
SHA512

767f18cdf04c895947a20fa7c742f7165d4b8c84481b7627ce9513369157f5a6d9a9c5f2e2c46b505ec94c0d1757c4226f95d09af67cadb70465e161dcb46119
SSDEEP

768:VM6BwIqHIerfs4ww3KDV+8haigsJmCjXN:VMLNXUw3Mc8/jXN

Score

1^/10

Malware Config

Signatures

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5032	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4956 wrote to memory of 5032	4956	rundll32.exe	83
PID 4956 wrote to memory of 5032	4956	rundll32.exe	83
PID 4956 wrote to memory of 5032	4956	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\95c00f19d5eaa887c70968d2273199c3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4956
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\95c00f19d5eaa887c70968d2273199c3.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:5032

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads