ac9fb718a06f5ea046a5ce765f84c202c08c45814bcd10c9e74de3dfc8301878 | Triage

Analysis

max time kernel
147s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240221-uk
resource tags

arch:x64arch:x86image:win10v2004-20240221-uklocale:uk-uaos:windows10-2004-x64systemwindows
submitted
21-02-2024 15:16

Sharing

Report Analysis Logs

General

Target

InjectionLibrary.dll
Size

78KB
MD5

64ef546a5a013f36524507e7dfc70d09
SHA1

d6d0aabdc88b7a875fd666a65194e250cd9ef3e5
SHA256

7919342e61f58303b1efe7bc3f2a612b717d64069c45eb53f0193218821d0016
SHA512

b409aaaf770bf0ca436e66279a324158845cba04ad892bbe98c0e32e96faacf83108d5e5b2b51efb59c8a3fccb4476303af47408f1a26bd79b18008ceaa7cc6b
SSDEEP

1536:E2t6wUtyYiZdqESehfyNHhwTZNzTedgzmZLtQ/5i:7t6LMXZdkaKNHhwTZRTej9Y4

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3316 wrote to memory of 3220	3316	rundll32.exe	82
PID 3316 wrote to memory of 3220	3316	rundll32.exe	82
PID 3316 wrote to memory of 3220	3316	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\InjectionLibrary.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3316
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\InjectionLibrary.dll,#1
  2⤵
  PID:3220

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads