fda1b034aace761a5a9ab441e0e632ea8a0162f3e208ce48c44b5986e4240225 | Triage

Analysis

max time kernel
91s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
14/02/2024, 10:53

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

9b7c374fdef98eca4f9e4aede258bb2e.dll
Size

27KB
MD5

9b7c374fdef98eca4f9e4aede258bb2e
SHA1

3d57cc22fc2c0006e03233c67435947fce549555
SHA256

fda1b034aace761a5a9ab441e0e632ea8a0162f3e208ce48c44b5986e4240225
SHA512

36b60f41f5401aceaaddd1c3ac166a7de935e725db7932de552c0268241e3da1abef4c01d2c35f4bf3112e46cd919945eb07e1189425ba078d32e45d3b0147d6
SSDEEP

768:fsS70fMZOAN71g7sQtDOPR7L19n62i9UQq:fsk8AN/gUR7LDi9W

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4744 wrote to memory of 5024	4744	rundll32.exe	85
PID 4744 wrote to memory of 5024	4744	rundll32.exe	85
PID 4744 wrote to memory of 5024	4744	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9b7c374fdef98eca4f9e4aede258bb2e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4744
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9b7c374fdef98eca4f9e4aede258bb2e.dll,#1
  2⤵
  PID:5024

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads