52e9b0b87a3b9253d97fe7bb25b25f70d0a82748a3216e69408a5a0758136cae | Triage

Analysis

max time kernel
144s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
14/02/2024, 16:15

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

9c1d83ce7c6cf7f70a37f71ef0de250f.dll
Size

33KB
MD5

9c1d83ce7c6cf7f70a37f71ef0de250f
SHA1

b1e7fe7860aaa474dfb1a5a83c23a3329c075b5e
SHA256

52e9b0b87a3b9253d97fe7bb25b25f70d0a82748a3216e69408a5a0758136cae
SHA512

3d79b23f38cdd68ec632745f1e22053950d2eed4e489ff60903d39cab091f68df2628f8c3f244f80743f3dc82134b09e6467e2af98fd63c9b7874811ef049111
SSDEEP

768:QjfpxMbuMJ1J5W66j8lu7MQQSNVOo2R8o8f:Qjfpxri5WRY47MQQs0R8o8f

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2276 wrote to memory of 2992	2276	rundll32.exe	84
PID 2276 wrote to memory of 2992	2276	rundll32.exe	84
PID 2276 wrote to memory of 2992	2276	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9c1d83ce7c6cf7f70a37f71ef0de250f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2276
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9c1d83ce7c6cf7f70a37f71ef0de250f.dll,#1
  2⤵
  PID:2992

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads