b7d60624d398a407b48fdec22eeff380c136991e10e5eaa1baf176a74dd0eccf | Triage

Analysis

max time kernel
92s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12/02/2024, 14:55

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

976d35922802122d1d97d17a0ffc9eeb.dll
Size

19KB
MD5

976d35922802122d1d97d17a0ffc9eeb
SHA1

78ad483b1a84c54512172d2c5dc89499de7c0a8b
SHA256

b7d60624d398a407b48fdec22eeff380c136991e10e5eaa1baf176a74dd0eccf
SHA512

6498bc143eba7c1fd627f9c34068dfc0f1b524f633da5075eb31d105876a7583b088a1c7ce23fb234e0f148049203a47a0b91def7efed1417a6fb2265413fb3e
SSDEEP

384:IRMA48s4WuqbFODhI9U7lr2MwHb0yeK3afb:gs4lekhI9EaHb0ye8U

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4948 wrote to memory of 3716	4948	rundll32.exe	60
PID 4948 wrote to memory of 3716	4948	rundll32.exe	60
PID 4948 wrote to memory of 3716	4948	rundll32.exe	60

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\976d35922802122d1d97d17a0ffc9eeb.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4948
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\976d35922802122d1d97d17a0ffc9eeb.dll,#1
  2⤵
  PID:3716

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads